Want to create a huge botnet to distribute malware, pump out spam, crack passwords or knock your enemy’s website offline?
Don’t bother with designing malware to break into strangers’ computers. Instead, say two researchers, all you need to do is spend a few bucks buying online ads, which can hijack tens of thousands of Web browsers across the world — no hacking required.
Last month at the Black Hat security conference in Las Vegas, Jeremiah Grossman and Matt Johansen, the founder/chief technology officer and threat-research manager of WhiteHat Security in Santa Clara, Calif., showed how an online ad network could be used to create what they called a “million browser botnet.”
“There’s no malware to detect, no exploits,” Grossman said. “We’re not really hacking stuff. We are using the Web the way it was meant to be used.”
The World Wide Web is a fundamentally insecure system, Grossman and Johansen explained. Browsers are designed to serve you as much data as possible without authentication, and nowhere is that more true than with online ads.
“When you visit a Web page,” Grossman said, “by nature of the way the Web works, it has near-complete control of your browser for as long as you are at that Web page … The JavaScript or Flash on that page can force your browser to do basically whatever it wants.”
Grossman and Johansen showed how HTML and JavaScript, the programming languages underlying most Web pages, could be used to probe Web browsers for user settings and login information, force browsers to attack websites in several different ways, break into corporate networks or spread malware.
The problem with these attacks, however, is that they are limited in scope. Whether you’re distributing the evil code through a highly trafficked site, search-engine poisoning or third-party widgets such as weather trackers, you’re not going to attain the critical mass for a truly efficient browser-based botnet.
“We need to think bigger,” the researchers said, then quoted JavaScript pioneer Douglas Crockford: “The most reliable, cost-effective method to inject evil code is to buy an ad.”
Ads: the perfect malware distribution system
There are nearly two dozen major ad networks, Grossman and Johansen said, but most of them won’t let ad suppliers include code with their ads. However, there are hundreds of smaller ones that don’t ask as many questions.