Full Disclosure mailing list archives
Hacking AutoUpdate by Injecting Fake Updates
From: "Adam Behnke" <adam () infosecinstitute com>
Date: Tue, 3 Apr 2012 09:01:53 -0500
We all know that hackers are constantly trying to steal private information by getting into the victim's system, either by exploiting the software installed in the system or by some other means. By performing routine updates for their software, consumers can protect themselves, patching known vulnerabilities and therefore greatly reducing the chance of getting hacked. Commonly used software, such as MS Office, Adobe Flash and PDF reader (as well as the browsers themselves) are the major targets for exploits if left unpatched.

In the past, fake patches for Firefox, IE, etc. displayed messages informing users that updated versions for a plugin or the browser were available, prompting the user to update their software. For example, the page will tell the user that updating their Flash version is critical. Once the user clicks the fake update, it will download malicious content (like, for example, the Zeus Trojan) to the victim's computer, as well as perhaps a rogue anti-virus, asking the user to pay in order to remove the infections. Similar attacks have been done in the past for various browsers, too.

When you think about it, how many people are really cautious about the updates, the type of update or the link from where they are downloading and installing the update? Obviously, there are very few people that are really cautious and vigilant about updates, therefore making the success rates for those exploiting the users high.

Read more about how to perform a few different AutoUpdate man-in-the-middle attacks that work against Java, AppleUpdate, Google Analytics, Skype, Blackberry and more: http://www.ethicalhacking.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Hacking AutoUpdate by Injecting Fake Updates Adam Behnke (Apr 03)
- Re: Hacking AutoUpdate by Injecting Fake Updates Charles Morris (Apr 03)