If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
A new browser-based attack is making the rounds with a rather innovative mode of attack. It tries to spread malicious links by hijacking end users’ clipboards!! What’s worse is that as of now, the attack infects only Firefox users with Internet ExploDer, oops I mean Explorer users seemingly unaffected!!
The attack, which had earlier this year been shown as a proof of concept (PoC), puts an almost-impossible-to-delete weblink into the clipboard that, if followed, leads people to a website selling fake security software.
The hijack code is executed through flash-based adverts which are commonly seen on many legitimate websites. The code seems to work by exploiting Adobe Flash files in such a way as to endlessly flush the clipboard of other text and constantly re-insert the malicious link in its place. Those following the link get taken to a page advertising a bogus anti-virus security program that erroneously tells people their machine is riddled with malicious software. Flash ads on popular sites such as msnbc.com are infected with the code, reported Firefox users on forums such as here, here and here (Windows users) and here (Mac users).
Victims have reported in discussion forums that a weblink appears in the clipboard in place of text they thought they place there.
Getting rid of the link has proved extremely problematic. Some report resorting to re-booting their machine to free themselves of it but others stopped it by simply killing the Firefox process thread (Through the taskmanager). More tech savvy users have begun posting ‘Hijack this‘ logs on forums and asking experts to analyze them to spot the code abnormalities.
“It’s an interesting attack, but doesn’t seem to be very widespread at the moment,” said Mikko Hypponen, chief research officer at security firm F-Secure. “I don’t remember seeing this before. However It is a pretty clever technique,” he said. “Our work would be so much easier if our enemy would be stupid.”
At the time of writing, the attack is NOT widespread and Firefox is definitely a safer bet for a secure browser!!
August 20th, 2008 at 5:25 pm
you mean that if i copy something in my clipboard…it can be seen by others ?
is there any site which is infected with this trouble…? i am keen to see that..
anyways the other day i was surfing metasploit site… do you know how the exploits run? am a lill confused
August 20th, 2008 at 6:40 pm
@ Bankim, wht happens is tht everytime u copy something (ctrl +C), the code flushes your data and replaces it with a weblink. So when U try to paste the copied data, only the link appears. If U copy some other data again, it gets flushed and replaced by the same link.
Try visiting the forums I’ve mentioned in the post for names of infected sites….msnbc is the most popular affected site (but I guess they’ve dis infected themselves)
Metasploit basically is an automated pen-testing development framework
For tutorials I’d suggest: http://www.irongeek.com/i.php?page=videos/metasploit1
and
http://www.ethicalhacker.net
these are kinda outdated but good to get a hang of metasploit!!
August 21st, 2008 at 1:41 am
thanks for the info navin
i will definitely follow that up…
August 22nd, 2008 at 6:31 am
nice videos… download some.. thanks
August 22nd, 2008 at 9:36 pm
cheers
August 23rd, 2008 at 12:04 am
alright, but this has been fixed now. i guess
August 23rd, 2008 at 2:11 am
3 days is a looooooong time in site management terms esp. for major sites like msnbc which have tech staff all over the world…. All major sites must have patched up by now but now tht this exploit has been discovered, it won’t be long before another attack takes place
August 23rd, 2008 at 11:15 pm
you’re right mate :).. these exploits remain there only for hours :)… anyways, looking forward to more posts on hacking mobile phones from ya
August 24th, 2008 at 8:50 pm
Hacking mobiles eh??
Tht’s something tht depends on perspective
What do u mean by hacking?? In mobiles even modding (changing the firmware) is considered hacking!!
or do U mean bluetooth jacking, OTS data stealing, keylogging etc etc etc
August 25th, 2008 at 3:31 am
dude, i was inaccurate
newbie …. anyways , i was looking forward to something that can help me change the IMEI on cellphones, a good tutorial would help… also is there a way by which the calls or sms can be spoofed ? am really intersted in learnin hw the whole thing works…
August 29th, 2008 at 11:37 am
what are U talking about?? IMEI…what is that??
August 30th, 2008 at 6:03 pm
@ Ratnani apne cellka IMEI kyon change karna chahte ho??It is possible, but i thought ki IMEI was changed by thieves who change it after they steal a cellphone.
UK mein tampering with IMEI gets U paanch saal ka Prison-time or dus hazaar pounds ka fine.seriously man!!
iPhone ke liye maine suna hai ki ZiPhone is the best tool for imei changing
See this tutorial:
http://www.iclarified.com/entry/comments.php?enid=657
August 30th, 2008 at 6:07 pm
@ sagar, welcome to GreyHatIndia
On a proxy eh?? smart boy!!
Read this:en.wikipedia.org/wiki/International_Mobile_Equipment_Identity
A very well written article tht’ll answer all ur doubts on IMEI
Also read http://www.wikihow.com/Find-the-IMEI-Number-on-a-Mobile-Phone
)
for methods on how to find IMEI of Ur cellphone (always note down Ur IMEI so tht if Ur cellphone gets stolen…u can block it considering ofcourse tht the thief doesn’t change it before U block it!!