Opera is already a pretty small actor so stuff like this probably hurts them more than the bigger guys. This incident will probably show in the bottom-line later on.
Hope they get their things sorted out, and I really hope they learn enough to avoid having anything like this happening in the future. Things like this are never OK if there is a second time around.
I'm not much of a Opera fan, but we need to give credit where credit is due.
Of course, with the web moving towards HTTPS, technologies like SPDY are forward thinking and proxies get shelved.
As the other commenter outlined, for these kind of devices Opera is a keyhole to the internet.
And you will notice that even on modern hardware with good access to the internet, Opera works smoother/faster than other browsers (it's at least the case on my android tablet).
I would imagine that keeping this a secret would be worth a lot more to the right people.
Opera also states the security breach has been handled on their end, so I see nothing wrong with the announcement's title either.
It would be unfortunate if the situation got out of hand, with recent fundamental changes to their browser, Opera now needs 100% focus to stay competitive.
However to be on the safe side we've taken a number of precautions including blowing away every machine (fai-project.org FTW!) and updating credentials everywhere.
That is nice. Automatic installation of malware. It's the way to go :)
Users checking for updates or visible automatic update prompts during that timeframe that Opera said was offering the infected update would still get the malware.
People assume that getting automatic update prompts would allow them to stop the update if they heard about an infected update. The problem with that logic is that by the time the companies know about a breach, they would've shut down the automatic update FIRST and then fix the breach, then resume it. Customers would rarely know about that breach in advance, so the prompt wouldn't change anything here.
- Spreads the exposure time, creating a much larger window in which updates may be deployed, reducing the number of systems affected, and reducing the likelihood of a targeted attack succeeding.
- Prevents targeted 'midnight' updates in which an attacker can deploy code at-will to target systems during hours that nobody will be around to see them.
- Requires producing reasonable looking update notes, which will likely be noticed by everyone involved in the release process, resulting in an additional warning to those that can detect the issue.
A silent update can go out without anyone knowing that an update was even deployed.
As someone who has Opera installed on their home machine, which they also use for banking, how worried should I be?
Would Malwarebytes be enough to find and remove the trojan?
That shows MalwareBytes detecting it as Trojan.Downloader.szb, and it does appear to be Zeus or a close variant. I'd be concerned.
> It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software.
"If you think something is spam or offtopic, flag it by going to its page and clicking on the "flag" link. (Not all users will see this; there is a karma threshold.)"