Feeds

Alternative browser spyware infects IE

Backdoor attack

SANS - Survey on application security programs

Some useful citizen has created an installer that will nail IE with spyware, even if a surfer is using Firefox (or another alternative browser) or has blocked access to the malicious site in IE beforehand. The technique allows a raft of spyware to be served up to Windows users in spite of any security measures that might be in place.

Christopher Boyd, a security researchers at Vitalsecurity.org, said the malware installer was capable of working on a range of browsers with native Java support. "The spyware installer is a Java applet powered by the Sun Java Runtime Environment, which allows them to whack most browsers out there, including Firefox, Mozilla, Netscape and others. In the original test, only Opera and Netcaptor didn't fall for the install but Daniel Veditz, who is the head of Mozilla security, has since confirmed to me that this will also work in Opera and Netcaptor," he explained.

In the example Boyd highlights surfers looking for Neil Diamond lyrics (of all things) are served with a variety of adware and spyware packages including Internet Optimizer, sais (180 Solutions) and Avenue Media. Thereafter, if victims allow the packages to install, victims will be bombarded with pop-up ads and their computer will be reduced to a crawl. The malware doesn't install automatically but managed web security firm ScanSafe reckons the pop-up dialogue it generates is obscure enough to fool most home users.

Alternative browser adware risk

ScanSafe reports an increase in spyware of 15 per cent over the last three months of 2004 compared to the previous quarter. Adware accounted for three of the top 10 most prolific threats recorded by ScanSafe over Q4 2004. Spyware authors have thus far restricted themselves to targeting vulnerabilities in IE but ScanSafe reckons it’s only a matter of time before they turn their attention towards alternative browsers.

John Edwards, CTO of ScanSafe, said that some users migrated away from IE to alternative browsers such as Firefox after various security scares last year. He cited figures from Secunia that Firefox and IE were both subject to five advisories in the first two months of this year to support his argument that Firefox was not "bullet-proof".

"Just switching away from IE does not give adequate projection. Now that Firefox and other alternative browsers have a toehold in the market the hacking community will get busy exploiting the vulnerabilities that exist in any complex browser," he said. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.