Browser Redirect Feature Makes Installing Malware a Walk in the Park
A little known feature of modern browsers can be used to install malware on victims` computers. The discovery, documented by Google security engineer Michal Zalewski, was demonstrated in a proof of concept attack on Tuesday.
The attack is based on the fact that one document can navigate other, non-same-origin windows to URLs of choice that may contain malware. When this feature is successfully exploited, the attacker can initiate a malicious download that appears to originate from a legitimate page.
The social engineering part is extremely efficient, as the attacker can force the malicious download on a page the user would normally expect to offer a legitimate file. More than that, the address of the website will not get updated to reflect the redirect, which is reassuring enough for the average user.
“The problem also poses an interesting challenge to sites that frame gadgets, games, or advertisements from third-party sources; even HTML5 sandboxed frames permit the initiation of rogue downloads, wrote Zalewski on his blog.
The proof-of-concept code has been confirmed to work with the top three browsers (Chrome, Internet Explorer and Firefox). Although all three vendors have been notified, no fix is available yet. The report also states that, apart from Google, other vendors will likely not address the issue.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
Mobile security threats: reality or myth?
June 13, 2021
FOLLOW US ON
You might also like
July 23, 2021
July 22, 2021
July 20, 2021