Feeds

Alternative browser spyware infects IE

Backdoor attack

Protecting against web application threats using SSL

Some useful citizen has created an installer that will nail IE with spyware, even if a surfer is using Firefox (or another alternative browser) or has blocked access to the malicious site in IE beforehand. The technique allows a raft of spyware to be served up to Windows users in spite of any security measures that might be in place.

Christopher Boyd, a security researchers at Vitalsecurity.org, said the malware installer was capable of working on a range of browsers with native Java support. "The spyware installer is a Java applet powered by the Sun Java Runtime Environment, which allows them to whack most browsers out there, including Firefox, Mozilla, Netscape and others. In the original test, only Opera and Netcaptor didn't fall for the install but Daniel Veditz, who is the head of Mozilla security, has since confirmed to me that this will also work in Opera and Netcaptor," he explained.

In the example Boyd highlights surfers looking for Neil Diamond lyrics (of all things) are served with a variety of adware and spyware packages including Internet Optimizer, sais (180 Solutions) and Avenue Media. Thereafter, if victims allow the packages to install, victims will be bombarded with pop-up ads and their computer will be reduced to a crawl. The malware doesn't install automatically but managed web security firm ScanSafe reckons the pop-up dialogue it generates is obscure enough to fool most home users.

Alternative browser adware risk

ScanSafe reports an increase in spyware of 15 per cent over the last three months of 2004 compared to the previous quarter. Adware accounted for three of the top 10 most prolific threats recorded by ScanSafe over Q4 2004. Spyware authors have thus far restricted themselves to targeting vulnerabilities in IE but ScanSafe reckons it’s only a matter of time before they turn their attention towards alternative browsers.

John Edwards, CTO of ScanSafe, said that some users migrated away from IE to alternative browsers such as Firefox after various security scares last year. He cited figures from Secunia that Firefox and IE were both subject to five advisories in the first two months of this year to support his argument that Firefox was not "bullet-proof".

"Just switching away from IE does not give adequate projection. Now that Firefox and other alternative browsers have a toehold in the market the hacking community will get busy exploiting the vulnerabilities that exist in any complex browser," he said. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.