New browser attack lets hackers run bad code even after users leave a web page
ZDNet | February 25, 2019 | By Catalin Cimpanu
Posted on 02/25/2019 1:35:50 PM PST by Swordmaker
Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected.
This new attack, called MarioNet, opens the door for assembling giant botnets from users' browsers. These botnets can be used for in-browser crypto-mining (cryptojacking), DDoS attacks, malicious files hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud, and traffic stats boosting, researchers said. . .
(Excerpt) Read more at zdnet.com ...
TOPICS: Business/Economy; Computers/Internet
KEYWORDS: android; applepinglist; browsersecurity; chrome; firefox; internet; ios; linux; microsoft; tech; windows
The key to avoiding the worst of this is regularly quitting your browsers and starting them up from scratch. Don't allow them to continue running in the background while you do other things or your computer or device sleeps or hibernates. Do your browsing and QUIT the browser. On restarting, don't let your browser reload previous tabs on restarting.
To: Swordmaker
All it takes is a little Windex.
2 posted on 02/25/2019 1:44:51 PM PST by ImJustAnotherOkie (All I know is what I read in the papers.)
To: dayglored; ShadowAce; ThunderSleeps; ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; ...
Multi platform, multi browser vulnerability survives leaving webpage and can produce huge cross platform bot nets. Affects Windows, Macs, Android, iOS, and Linux machines using the majority of modern browsers using an extremely hard to detect new modality of attack on the Internet websites. PING! Pinging dayglored, ShadowAce, and ThunderSleeps for your lists.
Cross platform and browser vulnerability Ping!
If you want on or off the Mac Ping List, Freepmail me.
3 posted on 02/25/2019 1:45:59 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
To: ImJustAnotherOkie
Didn't bother to read the article before posting a dismissive comment, huh?
4 posted on 02/25/2019 1:49:39 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
To: ImJustAnotherOkie
All it takes is a little Windex. And a cloth.....or something.
5 posted on 02/25/2019 1:51:06 PM PST by Windflier (Pitchforks and torches ripen on the vine. Left too long, they become black rifles.)
To: Swordmaker
"Academics from Greece have devised a new browser-based attack" Academics? I have to believe that something's been lost in translation there.
6 posted on 02/25/2019 1:54:08 PM PST by Windflier (Pitchforks and torches ripen on the vine. Left too long, they become black rifles.)
To: Swordmaker
Will caching be a path to exposure, and perhaps launching the browser in the background without user noticing?
7 posted on 02/25/2019 1:59:23 PM PST by SgtHooper (If you remember the 60's, YOU WEREN'T THERE!)
Comment #8 Removed by Moderator
To: ImJustAnotherOkie
One thing I learned from coding with Visual Basic for Applications was that I could create a popup box that said anything I wanted and did whatever I wanted when clicked.
So when I see a popup that says, for example, Do You Really Want To Leave This Site, unless I trust the site, I won’t click it. You could be authorizing the server to do all kinds of crap. Better to go in your taskbar and click X on that screen.
9 posted on 02/25/2019 2:08:34 PM PST by sparklite2 (Don't mind me. I'm just a contrarian.)
To: Swordmaker
10 posted on 02/25/2019 2:13:02 PM PST by grey_whiskers (The opinions are solely those of the author and are subject to change with out notice.)
To: Swordmaker
11 posted on 02/25/2019 2:13:21 PM PST by BipolarBob (GOVERNMENT: If you think the problems we create are bad, wait until you see our solutions.)
To: Swordmaker
“Neither the original MarioNet attack or the subsequent botnet operations require attackers to exploit browser vulnerabilities, but merely abuse existing JavaScript execution capabilities and new HTML5 APIs.”
So much for HTML5 being safer than Flash.
As for JavaScript, it is better to block it on any site that you don’t trust. If you can’t read the site without it then just leave the site. Nothing is more dangerous than JavaScript.
12 posted on 02/25/2019 2:51:14 PM PST by Revel
To: sparklite2
"So when I see a popup that says, for example, Do You Really Want To Leave This Site, unless I trust the site, I won't click it. You could be authorizing the server to do all kinds of crap. Better to go in your taskbar and click X on that screen."
Good tip. Thanks - if you click on anything you really don't know what you're authorizing.
13 posted on 02/25/2019 3:10:25 PM PST by Tunehead54 (Nothing funny here ;-)
To: SgtHooper
"Will caching be a path to exposure, and perhaps launching the browser in the background without user noticing?"
Very doubtful. These are scripts and in app services that run only within the browser. Most browsers are sandboxed and cannot start separate apps. . . especially after termination. Caches are generally not a memory location where anything can be executed. I.E. non-executable memory locations which the hardware won't use to run any apps or executable files.
14 posted on 02/25/2019 3:25:31 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
To: sparklite2
So when I see a popup that says, for example, Do You Really Want To Leave This Site, unless I trust the site, I won't click it. You could be authorizing the server to do all kinds of crap. Better to go in your taskbar and click X on that screen.
*******************************************************************
In Safari when that situation arises, I simply close out the tab. Am I accomplishing the same thing?
15 posted on 02/25/2019 3:26:52 PM PST by House Atreides (Boycott the NFL 100% — PERMANENT)
To: sparklite2; ImJustAnotherOkie
"So when I see a popup that says, for example, Do You Really Want To Leave This Site, unless I trust the site, I won't click it. You could be authorizing the server to do all kinds of crap. Better to go in your taskbar and click X on that screen."
The problem with this is it doesn't require the user to do anything to launch the malware and clicking the close window or tab has no effect on the fact the malware had been already launched in the background of your browser's environment. The ONLY current solution is to quit the browser and NOT revisit the website that has that infection script included when you restart the browser, whether automatically reloading last opened tabs, or the user goes back to the website intentionally. . . And apparently there's no way to easily know if any website (or an ad on the website) has infected your browser!
16 posted on 02/25/2019 3:32:58 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
To: House Atreides
I’d think so. The popup usually locks up your screen until you deal with it. If you can exit the screen by closing the tab, it should be okay.
17 posted on 02/25/2019 3:33:40 PM PST by sparklite2 (Don't mind me. I'm just a contrarian.)
To: grey_whiskers
18 posted on 02/25/2019 3:34:08 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
To: Swordmaker
"The problem with this is it doesn't require the user to do anything to launch the malware"
If the host can launch malware whether you click a popup or not, then the only thing you have to do is be there to be infected, and there’s no way to know it’s happened. That’s some deadly stuff.
19 posted on 02/25/2019 3:37:43 PM PST by sparklite2 (Don't mind me. I'm just a contrarian.)
To: Tunehead54
"Good tip. Thanks - if you click on anything you really don't know what you're authorizing."
Unfortunately, it doesn't help because these vulnerabilities don't require the user to do anything except navigate to a website that has a script that will infect your browser by invoking browser services maliciously. . . Or it could be on a user's frequently used website and the script comes in on a rotation advertisement from Google. No authorization required.
20 posted on 02/25/2019 3:40:04 PM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)