30 May 2011

Security researcher reveals cookiejacking

Research by Rosario Valotta, an independent internet security researcher in Italy, recently revealed a new attack against Microsoft Internet Explorer users.

Valotta presented his findings earlier this month at conferences in Amsterdam and Switzerland. In order to exploit the vulnerability, called “cookiejacking,” hackers may trick computer users into clicking graphics or videos, allowing the cyber criminals to access certain codes.

While clickjacking attacks have been in play for some time, this new type of attack incorporates zero-day vulnerability, allowing the hackers to steal any cookie from the computer user once they enter a password and username for websites, such as Facebook.

"Given the level of required user interaction, this issue is not one we consider high risk in the way a remote code execution would possibly be to users," Microsoft spokesman Jerry Bryant told CNET.

Windows users are also facing a different issue from hackers. According to an internet security company, the Fakefrog Trojan tricks computer users by issuing a fake warning that there is a problem with the hard drive, asking for money to fix the issue.