Skip Links

Researcher warns "zombie browsers" are skyrocketing

Malicious brower extensions ae skyrocketing, says IT security consultant Zoltan Balazs

By , Network World
October 31, 2012 01:34 PM ET

Network World - MIAMI -- Some Web browsers can be tricked into using so-called "malicious extensions" that can give hackers the ability to hijack the user's session, spy on webcams, upload and download files, and in the newer mobile-device area, hack into Google Android phones.

Zoltan Balazs, IT security consultant at Deloitte Hungary, spoke about the topic he calls "zombie browsers" during this week's Hacker Halted Conference in Miami. He said up until a year ago, only 10 of these browser malicious extensions were known to exist, but this year has seen 49 new ones already. "It's skyrocketing," Balazs noted, and he faulted the anti-virus vendors for allegedly not addressing the issue at all.

Researcher shares blow-by-blow account of advanced persistent threat

"Even after two years, none of the anti-virus vendors detect these," he said, saying he's issuing a plea for them "to try harder on detecting malicious extensions."

In his talk, Balazs explained how malicious extensions in Firefox, Chrome and Safari have been created by attackers that try to get them added to the user's browser through Web-based drive-by downloads or infected attachments. The result might be giving the attacker a way to steal data or spy on you, he said.

In terms of advice to companies concerned their user base might fall victim to this, he said setting controls on applications can help, plus in Chrome it's possible to control the extensions the user can use.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com.

Read more about security in Network World's Security section.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News