Researcher warns 'zombie browsers' are skyrocketing
- 31 October, 2012 22:00
Some web browsers can be tricked into using so-called "malicious extensions" that can give hackers the ability to hijack the user's session, spy on webcams, upload and download files, and in the newer mobile-device area, hack into Google Android phones.
Zoltan Balazs, IT security consultant at Deloitte Hungary, spoke about the topic he calls "zombie browsers" during this week's Hacker Halted Conference in Miami. He said up until a year ago, only 10 of these browser malicious extensions were known to exist, but this year has seen 49 new ones already. "It's skyrocketing," Balazs noted, and he faulted the anti-virus vendors for allegedly not addressing the issue at all.
"Even after two years, none of the anti-virus vendors detect these," he said, saying he's issuing a plea for them "to try harder on detecting malicious extensions."
In his talk, Balazs explained how malicious extensions in Firefox, Chrome and Safari have been created by attackers that try to get them added to the user's browser through Web-based drive-by downloads or infected attachments. The result might be giving the attacker a way to steal data or spy on you, he said.
In terms of advice to companies concerned their user base might fall victim to this, he said setting controls on applications can help, plus in Chrome it's possible to control the extensions the user can use.
Microsoft misjudges customer loyalty with kill-XP plea
Education ministry gets new CIO
Facebook coughs up $19bn to buy WhatsApp, draw younger users
Telecom to change name to Spark
Nov'IT says flashing a new ROM onto your Android phone can make it more secure