Eye on Security: All Web Browsers Are Insecure... on Windows

Dr. Roy Schestowitz

2010-04-26 21:18:38 UTC
Modified: 2010-04-26 21:18:38 UTC

A strong fortress won't last on a puddle of mud

Summary: News from the past few days can suggest that Microsoft Windows -- not the particular Web browser -- in the main source of threat

● Malware masquerades as Google Chrome extension

A spam campaign is pushing malware disguised as a Google Chrome extension.

[...]

Rather than delivering the promised extension, the malicious page sends a program that modifies Windows' Hosts file to redirect Google and Yahoo searches to a fake site that downloads other malware.

● Malware hides from search engines

Criminals are increasingly attempting to conceal malware embedded in hacked websites from search engines such as Yahoo! and Google. Their aim is to prevent browsers which use technology such as Google's Safe Browsing API from sounding the alarm when a user visits a hacked website. Google's Safe Browsing API allows client applications to query Google's phishing and malware blacklist. Firefox and Google Chrome both make use of the API, which is based on Google searches of websites for suspicious code.

● Trojan poses as Google Chrome extension

● Bank Trojan Takes Aim at Firefox Users [Mozilla Firefox on top of Windows is not secure]

The company's Flashlight and Rapport services detect the latest version of Zeus, however, and the company recently developed a hardened version of Mozilla for UK bank HSBC specifically to counter the threat of advanced banking Trojans such as Zeus.

● PC Owners Being Used as 'Malware Mules'

Hackers are using unsuspecting ~~web~~ [Windows] users as 'malware mules' to infect other PC users with viruses, says Symantec.

Comments

Yuhong Bao

2010-04-26 23:20:22

I'd not call Windows the threat here, I'd call the malware the threat.

Dr. Roy Schestowitz

2010-04-26 23:24:10

It exploits Windows weaknesses. Architecturally, in Linux you would get applications from the repos most of the time.

Yuhong Bao

2010-04-26 23:39:50

Well, looks like all it does is that it uses the hosts file to redirect users, which is a classic trick that works on all OSes. It would be different if it did something more, but... Architecturally, in Linux you would get applications from the repos most of the time. Yea, but it seems that Google Chrome extensions are supported on Linux.

Dr. Roy Schestowitz

2010-04-26 23:51:20

IIRC, the hosts file in Linux sometimes requires root access (maybe it's a two-layer config).
Yuhong Bao

2010-04-26 23:59:39

And I think Windows too require admin access.
Jose_X

2010-04-27 00:09:57

The extension is .exe. Are people running Windows as "admin" or is there another weakness being exploited to give admin privileges or does Windows come with insecure default access?

I just don't see a file ending in .exe as likely being a problem on Linux. I don't know the details (nor care) nor know how Windows works, but ....
Dr. Roy Schestowitz

2010-04-27 00:13:23

Yuhong,

if that's the case, then Chrome for Windows gets too much, privilege-wise.

Wayland is About Less Choice, About Removing Choices, It's Not About Freedom: IBM insists that it cares about "diversity"
Keeping Things Accessible: Gemini Protocol seems to be growing
Not Much Better Than LLM Slop: Linux Foundation-Funded 'News' Site Writes Linux Foundation 'News', Composed by Linux Foundation Operative, Quoting Linux Foundation Staff: ...they get paid (sponsored) to produce this spam. Then they call it "journalism".
Annual Southern California Linux Expo (SCALE 22x) 'Bought' by Microsoft and Microsoft Exceeded Sponsorship Limits by Giving Double the Maximum Permitted Amount: When people get bribed they tend to forget how to utter a simple word: "No."
Links 27/06/2025: International Tensions and Contentions Over Plagiarism Perfumed as "Hey Hi" and "Fair Use": Links for the day
Gemini Links 27/06/2025: Poetry and Censorship by Social Control Media Centralisation: Links for the day
Links 27/06/2025: Journalists Under Fire and Microsoft Has Serious Slop Problems: Links for the day
X is Dying, But Not XServer/X11. Twitter X.com is Dying.: People or businesses or government officials (and departments) that still rely on Social Control Media are playing Russian Roulette with their future online
Escaping Colonialism (or 'Hegemony') Requires Abandoning GAFAM, Microsoft in Particular: Europe is already in the process of abandoning Microsoft
Microsoft Will Shut Down More Studios This Week, Its Media Operatives Will Tell Lies About the Magnitude of the Shutdowns and Layoffs (They Always Do): Many people who get counted as "workforce" are "temps" or similar
What Linux Foundation 'Research' is: Paid Marketing: What is Linux Foundation 'Research'?
No, IBM Does Not Care About People With Disabilities: "Aktion T4" did not seem to bother Watson
Microsoft's Financial Problems Mean Shutdowns, Not Just Mass Layoffs: If the original rumour is true, then expect almost 30,000 Microsoft workers to be let go this year
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, June 26, 2025: IRC logs for Thursday, June 26, 2025
The Netherlands: GNU/Linux Measured at All-Time High: Are any Dutch cities going to announce dumping Microsoft?
Gemini Links 27/06/2025: "Interstitial Existence" and Autocorrect: Links for the day
EPO Examiners Point Out to the Heads of Delegations in the Administrative Council of the EPO That the "AI Policy" of the Office is Illegal: "the Central Staff Committee (CSC) asks the Administrative Council to exert its supervisory role and instruct EPO management to enter into genuine dialogue with the staff representation on the AI Policy, to revise the “Leverage AI” target of 90% AI-automated classification in the SP2028 and to put in place the measures supported by staff in the resolution."
Technical People Need Technical Lawyers: Technical Litigants in Person (LIPs) have many real and concrete advantages
10,000+ Articles in About 20 Months (and How We Got Here): More bloat does not beget efficiency and "bells and whistles" tend to have a hidden cost
French Cities Dumping Microsoft Because They Recognise Software Freedom, Open Standards, GNU/Linux Autonomy: We hope that more French cities - maybe Paris - will follow Lyon.
Links 26/06/2025: Illegal Kangaroo Court (UPC) Failing Scandinavia, K-Pop Agencies Abuse People: Links for the day
Gemini Links 26/06/2025: AuraGem Twitch Proxy is Back and UI Sluggishness: Links for the day
LWN is a Voice of GAFAM (Through Linux Foundation, Their Front Group or Occupying Force Inside Linux): remember who the chief editor works for and who sponsors many of the articles
Links 26/06/2025: Noise Pollution Considered High in Europe, Mass Layoffs Next Week in Microsoft Confirmed, Very Large in Scale and Scope: Links for the day
The 'Case' of the Serial Strangler From Microsoft is a Lot of Copypasta (Maybe Also LLM Slop) From the Matthew Garrett 'Case': 5RB deserves to know and the matter shall be properly reported in due course (when the time is right)
EPO Squeezing the Staff - Part II - Office Breaks Rules, Ignores Courts, Defies Justice: False promises everywhere
No, I Don't Want Your Latest XYZ, ThankYouVeryMuch...: Wayland is finally ready?
China Keeps Breaking Into Microsoft Systems, So for True Sovereignty, Nations Wary of China Need to Dump Microsoft: Looking at data from Taiwan (not China) and Maharlika (not Philippines, the king is dead and Spain is out), there are encouraging signs
Linux Journal Wants Ads on Its LLM Slop or Ads as 'Articles': it's basically another BetaNews
How to Kill a Monopoly: in 10 simple steps
IBM - Like Microsoft - is a Dying Company and Perishing Brand ("AI" is a Lie and Decoy): "Arvind is cutting costs (layoffs, PIPs, forced RTO, etc...) like crazy. IBM offices are closing all over the place in the US."
"Code of Conduct" Invoked When Fedora and Red Hat Users (Since the 1990s) Don't Want to Use Wayland: That is IBM "DEI"
Mozambique: GNU/Linux Rose From 0.5% Last Year to 3% This Year: what (or how) statCounter is measuring
Microsoft Layoffs Next Week: About 10% to be Laid Off in Microsoft Gaming (2 Days Before Independence Day), About 20%+ of XBox Staff: Microsoft is rapidly collapsing
Next Month Marks 11 Years Since Our In-Depth EPO Coverage: The same is happening to Microsoft right now
Free Software Foundation (FSF) Campaigns Against Vista 11, Adds 4 New Associate Members Per Day: If more people understood the underlying principles, more of them would flock to Free software overnight
Canonical Seems to Have Culled Some Sources of LLM Slop From Planet Ubuntu: It's like "junk food", it's not information
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 25, 2025: IRC logs for Wednesday, June 25, 2025
On "Weak Claims": For the record, they sent me unjustified threats, repeatedly tried injunctions (censorship)
EPO Squeezing the Staff - Part I - Burnout and Family Health: more exceptional circumstances
This Month's Mail (MX) Server Survey Shows Microsoft at 0.20% "Market Share": We need to remind people that desktops and laptops decline (in proportion to other client devices) and at the "back end" GNU/Linux is already dominant and has long been dominant
Links 26/06/2025: Filespooler Guide and Learning to Code: Links for the day
Why Techrights Cannot be Vilified (and Instead It Gets SLAPPed Repeatedly by Microsoft People): Attack dogs are all "bark"; because they have no actual "bite"
Austrian GNU/Linux Usage Up to About 5% as More of Europe Abandons Microsoft: Since inauguration day the Austrian people have adopted more and more of GNU/Linux
Why the "Wayland People" and "Rust People" Will Lose Hearts and Minds (Same Reasons): Wayland pushers are fast becoming like "Rust People"
5,600 Pages/Articles Per Year: So far this year we've kept all the promises
BetaNews Beginning to Show What Its True Goals Are: The 'new' BetaNews won't be about journalism. It's trying to sell things.
Microsoft Has Lost "The War": We'll soon see the 9th or 10th wave of Microsoft layoffs in 2025 alone
Slopwatch: A Wreck and a Dreck, "Flooding the Zone With Dreck" or Flooding the Web With Junk: "Slopwatch" continues today because we have many new examples
Links 25/06/2025: Thwarting More Software Patents, Overlap Grows Between EPO Corruption and Illegal Kangaroo Patent Courts in EU: Links for the day
Links 25/06/2025: Elon Musk’s Lawyers Caught Lying, WhatsApp Faces More Bans: Links for the day
Wayland Pushers Lose the Argument, Use LLM Slop and Chatbots to Make Up Arguments for IBM: Another new low and low blow
Brian Fagioli Created Another Slopfarm Targeting "Linux" After BetaNews Became a Slopfarm of Phantom Accounts and Pseudonyms: Mr. Fagioli even had slop about a dead Torvalds (hypothetical) as clickbait
Wayland is Perfect, Nobody Can Escape Its Perfection! (Or Not): Do not form on opinion on Wayland based on politics
What is "MATA"?: Think of it as GAFAM or "Meta"
Moral Duty for "Linux Sites" to Speak Out Against LLM Slop: My wife has long complained about "Linux bloggers" keeping quiet and thus passive about a growing problem: slop
In Recent Hours Google News Promoted at Least 3 Slopfarms That Relayed Linux Foundation Propaganda Made by Bots or LLM "Bullshit Generators" (as Dr. Stallman Dubbed Them): Google is circling down the drain and Google News too is hopeless
Linux Journal is a Slopfarm, It's Experimenting With LLM 'Authors': Is Slashdot next?
WebProNews is a Slopfarm: Please avoid linking to WebProNews
Microsoft LinkedIn is Dying and Many More Layoffs Are on the Way: LinkedIn is just a failed acquisition of Microsoft. It causes losses and debt.
Gemini Links 25/06/2025: Combinatorial Music and Self Hosting: Links for the day
Richard Stallman Coming Back to Europe This Autumn to Give More Talks: His last talk in Europe attracted about 400-450 people
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 24, 2025: IRC logs for Tuesday, June 24, 2025
Social Control Media, Technology & Catholicism: Synod on Synodality review and feedback: Reprinted with permission from Daniel Pocock
How Many More Women Will Managers at Microsoft Strangle and Tell to Kill Themselves (or Try to Kill)?: The world needs to know what happened
The New BetaNews: 7 New 'Articles', All of Them LLM Slop: BetaNews is basically defunct. Nobody writes there anymore.
Another "Told You So!": XBox Mass Layoffs at Microsoft (Many Recent Reports Were Chaff and Spin), Many Other Divisions Affected: With mass layoffs at Microsoft the world would be much better

Eye on Security: All Web Browsers Are Insecure... on Windows

Comments

Recent Techrights' Posts