Juniper Networks has found and mostly patched a flaw in the way the firmware on its routers processes IPv6 traffic, which allowed malicious users to simulate Direct Denial of Service attacks.
The vulnerability, which seems to be common to all devices processing IPv6 addresses, meant that purposely crafted neighbour discovery packets could be used to flood the routing engine from a remote or unauthenticated source, causing it to stop processing legitimate traffic and leading to a DDoS condition.
In a year-long study in conjunction with New York University, researchers at Google found unwanted software unwittingly downloaded as part of a bundle to be a larger problem for users than malware. Google Safe Browsing currently generates three times as many Unwanted Software (UwS) warnings as malware warnings, over 60 million per week.
The study found the pay-per-install (PPI) scheme, whereby a company succeeds in monetizing end user access by paying $0.10 to $1.50 every time their software is installed on a new device, to be the primary source of unwanted software proliferation. To get a payout from a commercial PPI organization, companies bundle regular software with unwanted software, which is then unwittingly downloaded by the user.