Articles & Presentations

Friday, January 25, 2013

(W) Browser Plug-Ins act as Malware launchers




Ever wonder about plug-ins that are forced on you? I mean the ones included in the install of Java, Adobe or many other applications that annoy us by asking "Do you want this toolbar, which has NOTHING to do with the application you're installing, and which may be installed without you knowing it cuz I'm sneaky?"

This particular Adware/Malware uses the Ask, Bing, Weather and other browser plug-ins to launch additional files to do nefarious things. These seemingly helpful utilities actually add risk by providing an easy exploit entry point: a modified, crafted support .DLL is added that points to additional malware files, which infect your system, add a backdoor or worse.

Similar to DLL injection, just dropping additional files could totally P0wn your system. Just avoid miscellaneous plug-ins you don't need, refuse them when installing ANY software offering an unrelated plug-in, and PLEASE tell the vendors "I won't use your damn product (cough cough Java, Adobe) if you continue to do this". I've had enough and am NOT going to take it anymore!!!!

SecureList Evaluation of AdWare/Malware Win32.Gamevance.hfti

#InfoSec #BadPlugIns