Browser Rootkits

Are browser rootkits currently a threat in the wild?
How prevalent are they?
Do anti malware solutions check for these?

http://www.gnucitizen.org/blog/browser-rootkits/

 

LOL
NIS has identified that site as a risk :

http://safeweb.norton.com/report/show?url=gnucitizen.org

 

I guess I will have to just monitor the browser.jar for modifications and hope they are not malicious javascripts.
How would I know of extensions on extensions?

 

@Searching_ _ _

Prevx SafeOnline might take care of this

https://www.wilderssecurity.com/newreply.php?do=newreply&noquote=1&p=1617347

 

Nothing here with Intego VB X6 and Site Advisor

http://www.siteadvisor.com/sites/gn...e=en-US&premium=false&client_type=FF&aff_id=0

 

Sandboxie might be an answer for most browser security problems.

SourMilk out

 

That is why I trust my own judgement, not some rating site.

 

That guy's article, while entertaining, was ultimately pointless. He just doesn't get it; he is still living in the "blacklisting" world, where the AV companies are always one step behind the malware authors. This is bad security practice and it just needs to die (of course it wont because the AV companies make billions with this scheme). Searching for malware after it has been introduced into the wild == fail. This has been proven time and again -- just look at the number of infected boxes that run up-to-date AV software.

And I suppose my definition of rootkit needs refining as I am pretty sure a rootkit involves gaining root on a machine (goes back to Unix root accounts, hence the name). A browser "rootkit" would not be able to gain root under user accounts, so I think the guy needs to come up with a better name.

P.S. The name of this site is a bit, well, strange. GNUcitizen makes one think they are connected to the GNU project, which I seriously doubt they are.

 

Quite right too,those ratings can be very misleading.In fact the 'computer threat' mentioned is in regards to a POC of a Quicktime exploit posted in a blog dated September 2007.That's not to say Norton is incorrect in it's assessment,just that it fails to take into consideration the context in which the "malware code" appeared.

 

These threads may be of interest to you:
https://www.wilderssecurity.com/showthread.php?t=263323
https://www.wilderssecurity.com/showthread.php?t=266027
https://www.wilderssecurity.com/showthread.php?t=265297

 

Thank you Siljaline. I had already read 2 of the 3 articles you posted links to.
I like RMUS' analysis of threats and try to follow along until I get crosseyed.
I will go over them again.

Do you have any links to articles about malicious js inserted into browser.jar or malicious sub extensions?

 

You are welcome Searching, there are a number of threads here at Wilder's, I think I only dug out a few but probably the most relevant.
RMUS does an outstanding job on the analysis end

Regards,

 

I always click on threads where Rmus does a post. His writings are a true learning experience.

 

Agreed, he certainly knows his stuff

 

One thing I have noticed is that after he breaks it down you can see that it really doesn't take that much to protect yourself from these exploits.

 

Not taking away anything from Rmus, there are ways of avoiding these exploits. Visting here, among others is a learning experience for many, it was for me when I was a younger lad.