Eye on Security: All Web Browsers Are Insecure... on Windows

Dr. Roy Schestowitz

2010-04-26 21:18:38 UTC
Modified: 2010-04-26 21:18:38 UTC

A strong fortress won't last on a puddle of mud

Summary: News from the past few days can suggest that Microsoft Windows -- not the particular Web browser -- in the main source of threat

● Malware masquerades as Google Chrome extension

A spam campaign is pushing malware disguised as a Google Chrome extension.

[...]

Rather than delivering the promised extension, the malicious page sends a program that modifies Windows' Hosts file to redirect Google and Yahoo searches to a fake site that downloads other malware.

● Malware hides from search engines

Criminals are increasingly attempting to conceal malware embedded in hacked websites from search engines such as Yahoo! and Google. Their aim is to prevent browsers which use technology such as Google's Safe Browsing API from sounding the alarm when a user visits a hacked website. Google's Safe Browsing API allows client applications to query Google's phishing and malware blacklist. Firefox and Google Chrome both make use of the API, which is based on Google searches of websites for suspicious code.

● Trojan poses as Google Chrome extension

● Bank Trojan Takes Aim at Firefox Users [Mozilla Firefox on top of Windows is not secure]

The company's Flashlight and Rapport services detect the latest version of Zeus, however, and the company recently developed a hardened version of Mozilla for UK bank HSBC specifically to counter the threat of advanced banking Trojans such as Zeus.

● PC Owners Being Used as 'Malware Mules'

Hackers are using unsuspecting ~~web~~ [Windows] users as 'malware mules' to infect other PC users with viruses, says Symantec.

Comments

Yuhong Bao

2010-04-26 23:20:22

I'd not call Windows the threat here, I'd call the malware the threat.

Dr. Roy Schestowitz

2010-04-26 23:24:10

It exploits Windows weaknesses. Architecturally, in Linux you would get applications from the repos most of the time.

Yuhong Bao

2010-04-26 23:39:50

Well, looks like all it does is that it uses the hosts file to redirect users, which is a classic trick that works on all OSes. It would be different if it did something more, but... Architecturally, in Linux you would get applications from the repos most of the time. Yea, but it seems that Google Chrome extensions are supported on Linux.

Dr. Roy Schestowitz

2010-04-26 23:51:20

IIRC, the hosts file in Linux sometimes requires root access (maybe it's a two-layer config).
Yuhong Bao

2010-04-26 23:59:39

And I think Windows too require admin access.
Jose_X

2010-04-27 00:09:57

The extension is .exe. Are people running Windows as "admin" or is there another weakness being exploited to give admin privileges or does Windows come with insecure default access?

I just don't see a file ending in .exe as likely being a problem on Linux. I don't know the details (nor care) nor know how Windows works, but ....
Dr. Roy Schestowitz

2010-04-27 00:13:23

Yuhong,

if that's the case, then Chrome for Windows gets too much, privilege-wise.

Eye on Security: All Web Browsers Are Insecure... on Windows

Comments

Recent Techrights' Posts