Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Malicious browser extensions pose a serious threat and defenses a...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Malicious browser extensions pose a serious threat and defenses are lacking
Expert Contributor 26th Sep, 2013 18:31
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK
Many security products offer inadequate protection against malicious browser extensions, a researcher has found

By Lucian Constantin
September 26, 2013 08:44 AM ET

IDG News Service - The number of malicious browser extensions has significantly increased in the past year but many security products fail to offer adequate protection against them, while others are simply not designed to do so, according to a security researcher.

Attackers have already used such extensions to perform click fraud by inserting rogue advertisements into websites or by hijacking search queries, but research has shown that this type of malware has the potential to cause much more damage.

Last year Zoltan Balazs, an IT security consultant with professional services firm Deloitte in Hungary, created a proof-of-concept malicious extension that could be controlled remotely by an attacker and could steal authentication credentials, hijack accounts, modify locally displayed Web pages, take screenshots through the computer's webcam, bypass two-factor authentication systems and even download and execute malicious files on a victim's computer.

And last week the European Union Agency for Network and Information Security (ENISA) warned in its midyear report: "An increase in malicious browser extensions has been registered, aimed at taking over social network accounts."

Earlier this year Balazs investigated how various security products protect users against malicious browser extensions and presented his findings at the OHM2013 security conference near Amsterdam in August. He performed tests against browser security extensions, sandboxing software, Internet security suites, anti-keylogging applications and financial fraud prevention programs recommended by some banks.

Many of these products either don't detect and block malicious extensions at all, or their protection can be bypassed, sometimes very easily, he found.

Not all of the tested products claim to protect against malicious extensions, but Balazs said he tested them because some users might believe they do.

For example, the NoScript security extension for Mozilla Firefox is designed to block plug-in content from executing without user authorization, and also blocks some Web-based attacks such as cross-site scripting or clickjacking. However, it doesn't protect against malicious browser extensions or local malware, Balazs said.

BrowserProtect, another Firefox extension, claims to protect the browser against "homepage, search provider, extension, add-on, BHO and other hijacks." This extension also fails to protect against malicious extensions, the researcher said.

Browser security extensions are not really trying to protect against malicious extensions and they wouldn't be able to because by design they run with the same privileges as those extensions, Balazs said.

Balazs also tested Internet security suites from five top antivirus vendors that he declined to name. The level of protection they offered against malicious browser extensions varied from none to good.

One of the tested products detected and removed the researcher's malicious Firefox extension, but he was able to bypass the detection signature by adding a single space character at a specific location in the extension's code.

More to read at :-
http://www.computerworld.com/s/article/9242699/Mal...

--

No one has replied to this thread yet - be the first
This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer