Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

New browser attack lets hackers run bad code even after users leave a web page
ZDNet ^ | February 25, 2019 | By Catalin Campanu

Posted on 02/25/2019 1:35:50 PM PST by Swordmaker

Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected

This new attack, called MarioNet, opens the door for assembling giant botnets from users' browsers. These botnets can be used for in-browser crypto-mining (cryptojacking), DDoS attacks, malicious files hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud, and traffic stats boosting, researchers said. . .



(Excerpt) Read more at zdnet.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: android; applepinglist; browsersecurity; chrome; firefox; internet; ios; linux; microsoft; tech; windows
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-8081-88 next last
The key to avoiding the worst of this is regularly quitting your browsers and starting them up from scratch. Don’t allow them to continue running in the background while you do other things or your computer or device sleeps or hibernates. Do you browsing and QUIT the browser. On restarting, don’t let your browser reload previous tabs on restarting.
1 posted on 02/25/2019 1:35:50 PM PST by Swordmaker
[ Post Reply | Private Reply | View Replies]

To: Swordmaker

All it takes is a little Windex.


2 posted on 02/25/2019 1:44:51 PM PST by ImJustAnotherOkie (All I know is what I read in the papers.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored; ShadowAce; ThunderSleeps; ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; ...
Multi platform, multi browser vulnerability survives leaving webpage and can produce huge cross platform bot nets. Affects Windows, Macs, Android. iOS, and Linux machines using the majority of modern browsers using an extremely hard to detect new modality of attack on the Internet websites. —PING!

Pinging dayglored, ShadowAce, and ThunderSleeps for your lists.


Cross platform and browser vulnerability Ping!

If you want on or off the Mac Ping List, Freepmail me.

3 posted on 02/25/2019 1:45:59 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ImJustAnotherOkie

Didn’t bother to read the article before posting a dismissive comment, huh?


4 posted on 02/25/2019 1:49:39 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: ImJustAnotherOkie
All it takes is a little Windex.

And a cloth.....or something.

5 posted on 02/25/2019 1:51:06 PM PST by Windflier (Pitchforks and torches ripen on the vine. Left too long, they become black rifles.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Swordmaker
"Academics from Greece have devised a new browser-based attack"

Academics? I have to believe that something's been lost in translation there.

6 posted on 02/25/2019 1:54:08 PM PST by Windflier (Pitchforks and torches ripen on the vine. Left too long, they become black rifles.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Will caching be a path to exposure, and perhaps launching the browser in the background without user noticing?


7 posted on 02/25/2019 1:59:23 PM PST by SgtHooper (If you remember the 60's, YOU WEREN'T THERE!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

This article was written either by an illiterate or a machine, which shows you the state of commercial IT tech writing today. The kind of sloppiness and carelessness and low standards that have been characteristic of many IT companies and big business labs has morphed into illiteracy worthy of the Daily Mail. Does anyone wonder that there is so much invasion, intrusion and criminal use of information in this industry? It starts with the indifference of most in the industry to anything besides monetizing their product.
Oh well this was done by academics so I am not going to worry about it.


8 posted on 02/25/2019 2:06:40 PM PST by malach (We live in interesting times)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ImJustAnotherOkie

One thing I learned from coding with Visual Basic for Applications was that I could create a popup box that said anything I wanted and did whatever I wanted when clicked.

So when I see a popup that says, for example, Do You Really Want To Leave This Site, unless I trust the site, I won’t click it. You could be authorizing the server to do all kinds of crap. Better to go in your taskbar and click X on that screen.


9 posted on 02/25/2019 2:08:34 PM PST by sparklite2 (Don't mind me. I'm just a contrarian.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Swordmaker

Merde.


10 posted on 02/25/2019 2:13:02 PM PST by grey_whiskers (The opinions are solely those of the author and are subject to change with out notice.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

it’s Greek to me.


11 posted on 02/25/2019 2:13:21 PM PST by BipolarBob (GOVERNMENT: If you think the problems we create are bad, wait until you see our solutions.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Swordmaker

“Neither the original MarioNet attack or the subsequent botnet operations require attackers to exploit browser vulnerabilities, but merely abuse existing JavaScript execution capabilities and new HTML5 APIs.”

So much for HTML5 being safer than Flash.

As for Java Script it is better to block it on any site that you don’t trust. If can’t read the site without it then just leave the site. Nothing is more dangerous than JavaScript.


12 posted on 02/25/2019 2:51:14 PM PST by Revel
[ Post Reply | Private Reply | To 1 | View Replies]

To: sparklite2
"So when I see a popup that says, for example, Do You Really Want To Leave This Site, unless I trust the site, I won’t click it. You could be authorizing the server to do all kinds of crap. Better to go in your taskbar and click X on that screen."
Good tip. Thanks - if you click on anything you really don't know what you're authorizing.
13 posted on 02/25/2019 3:10:25 PM PST by Tunehead54 (Nothing funny here ;-)
[ Post Reply | Private Reply | To 9 | View Replies]

To: SgtHooper
Will caching be a path to exposure, and perhaps launching the browser in the background without user noticing?

Very doubtful. These are scripts and in app services that run only within the browser. Most browsers are sandboxed and cannot start separate apps. . . especially after termination. Caches are generally not a memory location where anything can be executed. I.E. non-executable memory locations which the hardware won’t use to run any apps or executable files.

14 posted on 02/25/2019 3:25:31 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: sparklite2

So when I see a popup that says, for example, Do You Really Want To Leave This Site, unless I trust the site, I won’t click it. You could be authorizing the server to do all kinds of crap. Better to go in your taskbar and click X on that screen.
*******************************************************************
In Safari when that situation arises, I simply close out the tab. Am I accomplishing the same thing?


15 posted on 02/25/2019 3:26:52 PM PST by House Atreides (Boycott the NFL 100% — PERMANENT)
[ Post Reply | Private Reply | To 9 | View Replies]

To: sparklite2; ImJustAnotherOkie
So when I see a popup that says, for example, Do You Really Want To Leave This Site, unless I trust the site, I won’t click it. You could be authorizing the server to do all kinds of crap. Better to go in your taskbar and click X on that screen.

The problem with this is it doesn’t require the user to do anything to launch the malware and clicking the close window or tab has no effect on the fact the malware had been already launched in the background of your browser’s environment. The ONLY current solution is to quit the browser and NOT revisit the website that has that infection script included when you restart the browser, whether automatically reloading last opened tabs, or the user goes back to the website intentionally. . . And apparently there’s no way to easily know if any website (or an ad on the website) has infected your browser!

16 posted on 02/25/2019 3:32:58 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: House Atreides

I’d think so. The popup usually locks up your screen until you deal with it. If you can exit the screen by closing the tab, it should be okay.


17 posted on 02/25/2019 3:33:40 PM PST by sparklite2 (Don't mind me. I'm just a contrarian.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: grey_whiskers
Merde.

Exactly.

18 posted on 02/25/2019 3:34:08 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Swordmaker

The problem with this is it doesn’t require the user to do anything to launch the malware


If the host can launch malware whether you click a popup or not, then the only thing you have to do is be there to be infected, and there’s no way to know it’s happened.. That’s some deadly stuff.


19 posted on 02/25/2019 3:37:43 PM PST by sparklite2 (Don't mind me. I'm just a contrarian.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Tunehead54
Good tip. Thanks - if you click on anything you really don't know what you're authorizing.

Unfortunately, it doesn’t help because these vulnerabilities don’t require the user to do anything except navigate to a website that has a script that will infect your browser by invoking browser services maliciously. . . Or it could be on a user’s frequently used website and the script comes in on a rotation advertisement from Google. No authorization required.

20 posted on 02/25/2019 3:40:04 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 13 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-8081-88 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson