Obfuscation is my middle name
Nearly identical attacks, likely perpetrated by the same group, used the recent Microsoft animated-cursor flaw to compromise computers as well.
"I would not say that this is the end of their attacks," said Dan Hubbard, vice president of security research for Websense, said in February.
"The object is to make the attack vector that much more opaque, not just to your system, but to the analyst as well," Nazario said.
"This is only going to make things worse," Hoffman said at the time. "It is like you (the victim) are in a bot net but without all the traditional malware traces that bot software usually leaves behind."
In the week following the presentation, someone leaked the source code - which Hoffman had intended to keep private - to the internet. This article originally appeared in Security Focus.
Copyright © 2007, SecurityFocus
example of attack
I run mozilla on linux, so do not expect much in the way of web attacks, as such is usually oriented toward Window machines.
A couple days ago I was doing online reasearch on some obscure electronics devices, opening a few tabs associated with a Google search. In addition, this produced an unwanted small window, without the full features of a new mozilla window. I rarely get pop-under windows. This was more like a pop-up, which I have blocked in mozilla. I usually close out these rare pop-unders manually.
The contents of this window was something to the effect that my computer still contained information about porn sites that I had visited, offering to clean this from my computer. There appeared to be a couple of buttons at the bottom to accept or decline this offer. Since Google has not sent me to any a porn sites (like it formerly did) in over a year, I was sure this was a ruse. Ignoring the accept/ decline buttons , I tried the upper right-handed X to close it out.
It turned out, the window was just a single image (I am guessing), no active buttons at all. In any event the "clean my porn" operation commensed in a newly opened small real broswer window. I think it had as many tabs as my original mozilla window. My original tabbed mozilla window resized smaller. I did manage to close the new "porn cleaning" window. It complained that it had not finished its task. Mozilla completely died, which was preferable to the "porn cleaner" completing whatever it was up to. I have no idea what it was trying to do to my computer.
If I see any these in the future I may try a "killall java"
or possibly a "killall mozilla-bin" Attempting to close the inital image or popup window, or whatever it was did not get rid of it.
In 7 years of Linux usage, this is the only browser attack that I have ever witnessed, at least that I know about.
... and then laugh at all the web developers that can't do a simple Submit button without feeling some kind of bizarre need to implement JS.
I always suspected that JS should be used for nothing but "fluff" and being on the front-line so to speak has confirmed that suspicion. I run the website for a fairly small company (in house), small enough that I actually have to speak to the punters periodically... which, while occasionally irritating, is actually extremely informative. We have an e-commerce site that keeps working with JS and cookies disabled; some of the features pack up of course but it doesn't actually break the site as a whole.