
Full Disclosure mailing list archives
Re: Hacking AutoUpdate by Injecting Fake Updates
From: Charles Morris <cmorris () cs odu edu>
Date: Wed, 4 Apr 2012 02:31:31 -0400
Welcome to 2002

On Tue, Apr 3, 2012 at 10:01 AM, Adam Behnke <adam () infosecinstitute com> wrote:

> We all know that hackers are constantly trying to steal private information by getting into the victim's system, either by exploiting the software installed in the system or by some other means. By performing routine updates for their software, consumers can protect themselves, patching known vulnerabilities and therefore greatly reducing the chance of getting hacked. Commonly used software, such as MS Office, Adobe Flash and PDF reader (as well as the browsers themselves) are the major targets for exploits if left unpatched.
>
> In the past, fake patches for Firefox, IE, etc. displayed messages informing users that updated versions for a plugin or the browser were available, prompting the user to update their software. For example, the page will tell the user that updating their Flash version is critical. Once the user clicks the fake update, it will download malicious content (like, for example, the Zeus Trojan) to the victim's computer, as well as perhaps a rogue anti-virus, asking the user to pay in order to remove the infections. Similar attacks have been done in the past for various browsers, too.
>
> When you think about it, how many people are really cautious about the updates, the type of update or the link from where they are downloading and installing the update? Obviously, there are very few people that are really cautious and vigilant about updates, therefore making the success rates for those exploiting the users high.
>
> Read more about how to perform a few different AutoUpdate man-in-the-middle attacks that work against Java, AppleUpdate, Google Analytics, Skype, Blackberry and more: http://www.ethicalhacking.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/