Caution Advised Again!

osmethod · 13-03-2005 9:41pm #1

Another spyware methodology to be aware of....

http://www.vitalsecurity.org/2005/03/firefox-spyware-infects-ie.html

osmethod

jor el · 14-03-2005 2:37pm

Being a curious soul, I agreed to the install...

And therein lies the problem. He agreed to install third party extensions from a random website. Never agree to installing software unless you are absolutely sure you know what it is.

With a name like 'Integrated Search Technologies' you could be fairly sure it's something you don't want. A lot of spyware advertises itself as some sort of search engine.

The_B_Man · 14-03-2005 2:52pm

Neil Diamond! i should've known!

Chalk · 14-03-2005 3:00pm

what a gobsheen.
this app. is untrusted etc.
look at the image he gives, firefox has STOPPED this page installing sh1t, click here to install anyway..
so he installed an app that fecked ie, just because he ahd firefoc open automatically makes it firefoxes fault?

if he got it in am email would he blame outllok?
no, hes a idiot, who got screwed by some doftware he isntalled, not the borwser he uses

groan, motherfugger

condra · 14-03-2005 11:29pm

dude he wasnt having a pop at firefox.. jesus.. firefox users omfg hahah .. its only a browser man ..
I thought it was a very interesting article.

ressem · 15-03-2005 10:14am

What is the issue here? Just a request that people are informed in the dialog box about the danger of untrusted signed applets? Or the lack of trusted/untrusted security zones in Firefox?

Signed applets are allowed file write access, unsigned applets are not. So the applet could easily have done anything, including inserting spyware extensions into firefox presumably, or replacing firefox itself with a trojan version, assuming the user has permission.

Hobbes · 15-03-2005 10:30am

It could of done anything. When I read the piece first I thought it was something serious, but after reading the main article it is nothing but someone trying to make something out of nothing.

The person got what, 3 warnings. They could of clicked more information. Just clicking yes to anything on the internet is asking for trouble.

Boro · 15-03-2005 12:04pm

Did you guys actually read to the bottom of the article?

Update - to prevent any more people posting the same thing in the "comments" section, I'd like to point out that the main point of the above article is to highlight the fact that a new kind of exploit is infecting IE / the OS through Java when using an alternative browser such as FF / Netscape.

Yes, I am aware that "bad things will happen" when you click "yes" to something - that was kind of the whole point of the test, because most spyware installs occur when someone clicks "yes" to something they shouldn't have. The article is illustrating what happens when an end-user blindly agrees to something, however the point is IE being infected when not in use at the time, not the social engineering aspects of the install.

osmethod · 15-03-2005 12:08pm

Well spotted Boro...

osmethod

Chalk · 15-03-2005 12:13pm

i still dont see his point.

any file can be infected whether its in use or not once the infection gets onto the sytem.

ressem · 15-03-2005 1:29pm

I read it.
IE can have its settings manipulated by a rogue executable with file write access? So? Same goes for most other programs installed on that machine. If the browser user was running with admin privilege, it could probably corrupt any linux partitions on the same machine, even though linux wasn't running at the time (though it might have to take a roundabout route).

How is this different to clicking on a link in any browser, being prompted that you're downloading an unsigned exe, and opening anyways.

Boro · 15-03-2005 1:34pm

To quote again :

though it doesn't take a genius to work out that if "The Browser you Can Trust" now has to keep one eye on its older, slightly clumsier brother as well as watch its own back then there's a very good chance its tail could be getting ready for the mother of all burnings.

It might not be the most dangerous issue to raise its head, but it shows a shift in the targetting methods of the ad-dealers. Its just something to be aware of rather than scaremongering.

ressem · 15-03-2005 2:33pm

Fair enough wrt your argument:
I think that the authors summing up in that quote is nonsense though.

If we're talking about dealing with this on a professional level then the solution is to go to Java Control Panel/ Advanced/ Security and deselect the appropriate checkboxes from the top two to suit the user: allow users to grant permissions to signed content. Allow user to grant permission to content from an untrusted authority.

(And just block 'em all at the firewall)

At least Suns JRE asks you. That's the design decision that they chose. A little security in the form of that dialog at the expense of transparency.

And it is Sun's issue, not the browsers, unless you want the browser to include a firewall.

Caution Advised Again!

Comments