Browser Rootkits

Discussion in 'malware problems & news' started by Searching_ _ _, Feb 1, 2010.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
  2. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    LOL
    NIS has identified that site as a risk :cool: :
    http://safeweb.norton.com/report/show?url=gnucitizen.org
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I guess I will have to just monitor the browser.jar for modifications and hope they are not malicious javascripts.
    How would I know of extensions on extensions?
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  5. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    220
  6. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Sandboxie might be an answer for most browser security problems.

    SourMilk out
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    That is why I trust my own judgement, not some rating site.
     
  8. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    That guy's article, while entertaining, was ultimately pointless. He just doesn't get it; he is still living in the "blacklisting" world, where the AV companies are always one step behind the malware authors. This is bad security practice and it just needs to die (of course it won't because the AV companies make billions with this scheme). Searching for malware after it has been introduced into the wild == fail. This has been proven time and again -- just look at the number of infected boxes that run up-to-date AV software.

    And I suppose my definition of rootkit needs refining as I am pretty sure a rootkit involves gaining root on a machine (goes back to Unix root accounts, hence the name). A browser "rootkit" would not be able to gain root under user accounts, so I think the guy needs to come up with a better name. :argh:

    P.S. The name of this site is a bit, well, strange. GNUcitizen makes one think they are connected to the GNU project, which I seriously doubt they are.
     
  9. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Quite right too, those ratings can be very misleading. In fact the 'computer threat' mentioned is in regards to a POC of a QuickTime exploit posted in a blog dated September 2007. That's not to say Norton is incorrect in its assessment, just that it fails to take into consideration the context in which the "malware code" appeared.
     
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Thank you Siljaline. I had already read 2 of the 3 articles you posted links to.
    I like RMUS' analysis of threats and try to follow along until I get cross-eyed.
    I will go over them again.

    Do you have any links to articles about malicious js inserted into browser.jar or malicious sub extensions?
     
  12. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You are welcome Searching, there are a number of threads here at Wilder's, I think I only dug out a few but probably the most relevant.
    RMUS does an outstanding job on the analysis end :thumb:

    Regards,
     
  13. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I always click on threads where Rmus does a post. His writings are a true learning experience.
     
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Agreed, he certainly knows his stuff :thumb:
     
  15. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    One thing I have noticed is that after he breaks it down you can see that it really doesn't take that much to protect yourself from these exploits.
     
  16. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Not taking away anything from Rmus, there are ways of avoiding these exploits. Visiting here, among others, is a learning experience for many; it was for me when I was a younger lad.
     