How script kiddies can hijack your browser to steal your password

Discussion in 'malware problems & news' started by lotuseclat79, Dec 3, 2012.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Interesting. Not surprisingly, NoScript stops both PoCs; the real Find bar in Firefox displays with Ctrl+F. If I temporarily allow all, the fake search bar pops up instead. Chrome is bypassed.
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    Back to using NoScript. :(
    It is an effective tool that is seriously a pain in the neck.
     
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    For a while, but once you get the whitelist built up adequately (I realize it takes considerable time), you'll have yourself what I consider to be the finest weapon against web-borne threats. Stop the script and you stop the threat cold.

    Imho, Firefox doesn't have to be that secure as a browser, such as Chrome, when NS is used and managed properly.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    From the article:

    This scenario comes to mind:

    You have to connect to a site where this code is embedded.

    If you white list your sites for javascript, your legitimate site would have to be thoroughly compromised to have code embedded. More likely would be a redirect to a malicious site, which would not be on your white list, so the script would not execute.

    Anyway, the user would have to be really fooled to do a search on a site that she/he wasn't intending to go to in the first place.

    Any other scenarios come to mind?


    ----
    rich
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Unless it's only the fake search bar that's displayed, triggered by a malicious script embedded into a legit site, which could be made to look similar or maybe exactly like those in common browsers like Chrome or Firefox. Iow, the legitimate web page might still be displayed, but the user's search terms are sent to the hacker's server, which could fool even a savvy user as the article suggests??

    I'm not sure if this is possible. Just a guess.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I would like to see what an exploit in the wild looks like, if and when one appears.

    The article states,

    It's hard to believe that this could occur on a legitimate page. Perhaps as a banner popup?

    On a redirected page, it would seem easy. The article states that you land on the perpetrator's page.

    As far as responding to a list of data/passwords to search, I would question why and where this request came from.

    So, it will be interesting to await the trickery involved in such an exploit!


    ----
    rich
     
    Last edited: Dec 3, 2012
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    So would I :)

    I agree. Even if the fake search bar looks authentic, I would think most users should clue in when a redirect to a different page occurs.

    For sure.

    We'll probably never see a real world example. Usually we're presented with lots of hype but no substance :(
     