Browser Redirect Feature Makes Installing Malware a Walk in the Park

Loredana BOTEZATU

June 01, 2012

A little-known feature of modern browsers can be used to install malware on victims' computers. The discovery, documented by Google security engineer Michal Zalewski, was demonstrated in a proof-of-concept attack on Tuesday.

The attack is based on the fact that one document can navigate other, non-same-origin windows to URLs of choice that may contain malware. When this feature is successfully exploited, the attacker can initiate a malicious download that appears to originate from a legitimate page.

The social engineering part is extremely efficient, as the attacker can force the malicious download on a page the user would normally expect to offer a legitimate file. More than that, the address of the website will not get updated to reflect the redirect, which is reassuring enough for the average user.

“The problem also poses an interesting challenge to sites that frame gadgets, games, or advertisements from third-party sources; even HTML5 sandboxed frames permit the initiation of rogue downloads,” wrote Zalewski on his blog.

The proof-of-concept code has been confirmed to work with the top three browsers (Chrome, Internet Explorer and Firefox). Although all three vendors have been notified, no fix is available yet. The report also states that, apart from Google, other vendors will likely not address the issue.
