Tuesday, August 17, 2010

A new wave of click-jacking exploiting the browser saved password feature

A good friend of mine, Anthony, sent this today. I thought I would make everyone aware of this as well.

Click-jacking has always been something of a not-so-useful attack due to the majority of sites that could be exploited using click-jacking requiring some form of manual input. Not so anymore. The advent of the Facebook ‘Like this’ button and variants has given attackers a new way to exploit click-jacking by hiding a transparent “Like this” button over an apparent link or other button. When the user clicks what they think is a link or innocuous button, the “Like this” button receives the click instead and signs the user up as a fan of a malicious site. This works in two ways. First, it gives immediate access to profile information and pictures that are viewable by friends, as well as the names and account ids of your personal friends. Secondly, attackers are using these tricks to build fake trust by giving pages that have links to malware or other exploits thousands of “fans”. Once trust has been established, an attacker may attempt to trick users into installing a malicious Facebook app, visiting a malicious website, or posting messages on the user’s wall to attempt to socially engineer the user’s friends into being compromised as well.

Another attack vector growing in popularity involves Trojans/malware that target the saved-password feature present in modern browsers. These attacks can be fairly sophisticated, examining the user’s browser history for likely targets and then using injection techniques to get the browser to auto-fill the username and password fields in a hidden form, which can then be read by the software. Other variants monitor the active browser tab for password fields and attempt to capture any automatically filled information when a user visits a site they have saved credentials for. Of these, a new malicious “do it yourself” tool known as Facebook Hacker is a very striking example of how these attacks are being commoditized. Facebook Hacker presents a simple configuration form for the attacker to fill in, and a build button which will take that configuration and build an executable that contains a variety of exploit modules designed to read the protected password stores of many modern browsers, instant messaging clients, and email applications. There are also modules to enumerate the credentials for dialup and VPN connections. The captured data is transmitted over a TLS-secured link to the configured repository. Along with the password gathering, Facebook Hacker presents an additional threat as it will attempt to disable recognised anti-virus applications, firewall software, and packet inspection systems, leaving the compromised computer vulnerable to infections from other sources.

A recent study of the captured sample information reported that 75% of users use the same password for email and other applications. For security purposes, it is highly recommended that at the minimum users should have separate passwords for all sensitive applications and only use a common password for services that do not contain sensitive or personally identifiable information. Passwords can be constructed using a scheme that incorporates the purpose of the password, allowing complex but easily remembered passwords to be used for different sensitive services.
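The transparent-button trick in the first paragraph only works when the page carrying the real button can be loaded inside a third-party iframe. The standard site-side mitigation is to refuse framing with the X-Frame-Options header or the Content-Security-Policy frame-ancestors directive (neither is named in the post; they are added here from general knowledge). The following is an added example, not code from the original post, that audits a set of HTTP response headers for those defenses. The header sets are constructed samples, not real sites.

```javascript
// Added example (not from the original post): check whether an HTTP response
// can be framed by an arbitrary origin, which is the precondition for the
// hidden "Like" button click-jacking described above.

// Extract the frame-ancestors source list from a CSP header value, or null if
// the directive is absent.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// A source list that admits any origin: '*' or a bare scheme source, which
// matches every origin using that scheme.
function allowsAnyOrigin(sources) {
  return sources.some((s) => s === '*' || s === 'http:' || s === 'https:');
}

// Audit one response's headers (names are case-insensitive). Returns whether
// the page is frameable by an arbitrary origin plus human-readable findings.
function auditFramingHeaders(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;
  const findings = [];

  // X-Frame-Options: only DENY and SAMEORIGIN are reliable; ALLOW-FROM was
  // never honoured by every browser.
  let xfoProtects = false;
  const xfo = h['x-frame-options'];
  if (xfo === undefined) {
    findings.push('no X-Frame-Options header');
  } else {
    const v = xfo.trim().toUpperCase();
    if (v === 'DENY' || v === 'SAMEORIGIN') xfoProtects = true;
    else if (v.startsWith('ALLOW-FROM')) findings.push('X-Frame-Options ALLOW-FROM is not honoured by every browser');
    else findings.push(`unrecognised X-Frame-Options value "${xfo}"`);
  }

  // CSP frame-ancestors: when present, browsers apply it instead of
  // X-Frame-Options, so a wildcard here reopens framing even if XFO says DENY.
  const csp = h['content-security-policy'];
  let ancestors = null;
  if (csp === undefined) {
    findings.push('no Content-Security-Policy header');
  } else {
    ancestors = parseFrameAncestors(csp);
    if (ancestors === null) findings.push('Content-Security-Policy has no frame-ancestors directive');
    else if (allowsAnyOrigin(ancestors)) findings.push('frame-ancestors lets any origin frame this page');
  }

  const frameable = ancestors !== null ? allowsAnyOrigin(ancestors) : !xfoProtects;
  return { frameable, xfoProtects, frameAncestors: ancestors, findings };
}

// Constructed sample responses (not captured from real sites).
const SAMPLES = {
  unprotected: { 'Content-Type': 'text/html' },
  xfoDeny: { 'Content-Type': 'text/html', 'X-Frame-Options': 'DENY' },
  cspNone: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  cspOverridesXfo: { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': 'frame-ancestors *' },
};

// Audit every sample and return the results keyed by sample name.
function auditSamples() {
  const out = {};
  for (const [name, headers] of Object.entries(SAMPLES)) out[name] = auditFramingHeaders(headers);
  return out;
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, result] of Object.entries(auditSamples())) {
    const status = result.frameable ? 'FRAMEABLE' : 'protected';
    console.log(`${name}: ${status} - ${result.findings.join('; ') || 'ok'}`);
  }
}
```

The cspOverridesXfo sample is the case worth remembering: a CSP frame-ancestors directive supersedes X-Frame-Options, so adding a permissive CSP later can silently undo an older DENY header. In a real deployment the same audit would run over the headers returned by each page that hosts a sensitive action button.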
