Project helps users update vulnerable software

Jun 13, 2016 15:04 GMT

Developer Paulos Yibelo today launched the Zerorose project, a website that scans your browser setup for known vulnerabilities in the same way exploit kits do, and provides you with a set of results that you'll need to address, either by updating your browser or by updating or removing browser plugins.

Exploit kits first appeared in the mid-2000s and have slowly grown in popularity as more crooks have discovered their benefits.

Also called crime kits, exploit kits are nothing more than Web applications that run on a server. Whenever users access a Web page, the exploit kit scans their system, detects vulnerable software, and leverages malicious code to exploit one or more of those vulnerabilities and infect the system with malware.

These attacks are also called "drive-by downloads" because the user doesn't notice anything, especially if they don't have an antivirus installed on their computer.

The Zerorose project offers an on-demand vulnerability scanner, which checks for the same weaknesses an exploit kit looks for.

Instead of delivering an exploit package that infects your computer, the scanner tells you the name of the vulnerable product, the version, the CVE identifier of the vulnerability, its severity rating, and a short description of the issue.

Where possible, an "Update" button will be shown, linking to the download location of the vulnerable product's latest version.

The development team claims Zerorose uses machine learning to expand its knowledge base and that its accuracy will increase as more people use it.