< Monthly Patch Release Schedules: Do the Risks outweigh the Benefits? | InetVis Network Security Traffic Visualisation >
Jul 25

Detailed Browser Attack

Security No comments »
Security

HD Moore has a detailed analysis of a site exploiting browsers. It is a good read with detail we don't often see. Including a breakdown of the kind of revenue these sites pull.

Most interestingly it provide a a nice quotation as to why "safe browsing habits" are a load of phooey, something that has always, bugged me about Microsoft's oft-cited remediation.

A common myth is that the only way to get hit by a browser exploit is to visit "bad" web sites. The reality is that it only takes a single line of Javascript code to send your browser off to the darker areas of the Internet. Many respectable web sites are inadvertently allowing attackers to target their users. Just last week, the media covered an example where a MySpace banner ad resulted in over one million malware infections. This banner ad redirected the user to a malicious WMF file, that when opened, installed an adware application. A similar attack occurred on the LiveJournal network just a couple months earlier. In both cases, the web site operators were not aware that the attacks were occurring until someone complained.

Posted by Dominic White

0 Trackbacks

Trackback specific URI for this entry
  1. No Trackbacks

0 Comments

Display comments as(Linear | Threaded)
  1. No comments

Add Comment


E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA