
How a botnet works:
1. A botnet operator sends out viruses or worms, infecting ordinary users’ computers, whose payload is a malicious application — the bot.
2. The bot on the infected PC logs into a particular command and control (C&C) server (often an IRC server, but in some cases a web server).
3. A spammer purchases access to the botnet from the operator.
4. The spammer sends instructions via the IRC server to the infected PCs, causing them to send out spam messages to mail servers.
(Photo credit: Wikipedia)
Want to create a huge botnet to distribute malware, pump out spam, crack passwords or knock your enemy’s website offline?
Don’t bother with designing malware to break into strangers’ computers. Instead, say two researchers, all you need to do is spend a few bucks buying online ads, which can hijack tens of thousands of Web browsers across the world — no hacking required.
Last month at the Black Hat security conference in Las Vegas, Jeremiah Grossman and Matt Johansen, the founder/chief technology officer and threat-research manager of White Hat Security in Santa Clara, Calif., showed how an online ad network could be used to create what they called a “million browser botnet.”
“There’s no malware to detect, no exploits,” Grossman said. “We’re not really hacking stuff. We are using the Web the way it was meant to be used.”
The World Wide Web is a fundamentally insecure system, Grossman and Johansen explained. Browsers are designed to serve you as much data as possible without authentication, and nowhere is that more true than with online ads.
“When you visit a Web page,” Grossman said, “by nature of the way the Web works, it has near-complete control of your browser for as long as you are at that Web page … The JavaScript or Flash on that page can force your browser to do basically whatever it wants.”
Grossman and Johansen showed how HTML and JavaScript, the programming languages underlying most Web pages, could be used to probe Web browsers for user settings and login information, force browsers to attack websites in several different ways, break into corporate networks or spread malware.
The problem with these attacks, however, is that they are limited in scope. Whether you’re distributing the evil code through a highly trafficked site, search-engine poisoning or third-party widgets such as weather trackers, you’re not going to attain the critical mass for a truly efficient browser-based botnet.
“We need to think bigger,” the researchers said, then quoted JavaScript pioneer Douglas Crockford: “The most reliable, cost-effective method to inject evil code is to buy an ad.”
Ads: the perfect malware distribution system
There are nearly two dozen major ad networks, Grossman and Johansen said, but most of them won’t let ad suppliers include code with their ads. However, there are hundreds of smaller ones that don’t ask as many questions.