Computerworld - A new, incredibly sneaky identity-theft tactic surfaced earlier this week when Mozilla's Aza Raskin, the creative lead of Firefox, unveiled what's become known as "tabnapping."
Stated simply, tabnapping -- from the combination of "tab" and "kidnapping" -- could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All of the major browsers on Windows and Mac OS X are vulnerable to the attack.

Because most people keep multiple tabs open, often for long periods, and because they trust that the contents and label of a tab are immutable, tabnapping could become the next big thing in identity theft. That open tab labeled "Citibank" or "Facebook" may not be the real deal, Raskin argued. But you may not know that, so you enter your username and password to, you think, log in again. Boom! You're owned.

Tabnapping isn't in active circulation at the moment, but the ease with which another researcher was able to sidestep a noted Firefox add-on designed to prevent such trickery doesn't bode well. What can you do if tabnapping shows its face? We have a few answers.

What should I not do?

Don't log in on a tab that you haven't opened yourself. Since the tabnapping tactic banks on you trusting that you opened the tab -- and that the site simply timed out -- the best defense is this offensive move. In other words, if you see a tab that contains a seemingly legitimate login form, close it, then go to the site yourself in a new tab.

Will browser makers patch this?

Unlikely. Microsoft's Jerry Bryant, a general manager at the company's security response center, said the issue isn't a security vulnerability per se, and that Internet Explorer (IE) falls for the scam because that's the way browsers work. "Working with [Raskin's] proof-of-concept, as written, is expected," he said in an e-mail Tuesday when asked whether Microsoft had a fix in mind for IE.

Can my browser protect me at all?

Yes. Every major browser has a filter of some kind designed to weed out malicious sites and/or legitimate sites that are suspected of being infected with attack code.
Presumably, those filters, assuming the blacklists underlying them are current and accurate, would block tabnapping attacks. To kidnap tabs, a hacker has to get his tab-mutating code onto your machine somehow. Raskin pointed that out by noting the likely attack vector. "Every time you include a third-party script on your page, or a Flash widget, you leave yourself wide open for an evil doer to use your site as a staging ground for this kind of attack," he wrote in his blog. So the best defense browsers can currently manage is to warn you of potential attack sites before you reach them. That's where filtering comes in.

What is a browser hijacker?

A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit. It is often called a browser redirect virus because it redirects the browser to other, usually malicious, websites. Part of the aim of a browser hijacker is to help the cybercriminal generate fraudulent advertising revenue. For instance, the hijacker redirects the victim's homepage to its own search page. Next, it redirects the victim's web searches to links the hijacker wants the victim to see, rather than to legitimate search engine results. When the user clicks on those search results, the hijacker gets paid. The cybercriminal can also sell information about the victim's browsing habits to third parties for marketing purposes. A browser hijacker may contain spyware, enabling the attacker to obtain the user's banking information, credit card number or other sensitive data. Browser hijackers may also install ransomware, a type of malware that encrypts data on the victim's system, holding it hostage until the victim pays the hijackers a sum of money to unlock it.
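Returning to the tabnapping behaviour described in the Computerworld piece above: the article's advice is to distrust a login form that appeared in a tab you left unattended. The following is an added example, not Raskin's proof-of-concept and not code from any browser or add-on, of a defender-side heuristic that encodes that advice. It snapshots a page's title, favicon and whether a password field is present, remembers what the user last saw while the tab was in the foreground, and on return compares the current state with that memory. The page names, icon URLs and the three scenarios are constructed for the example; the browser wiring at the bottom uses the standard `document.visibilityState`, `MutationObserver` and `visibilitychange` APIs and is skipped when the file runs under Node.

```javascript
'use strict';

// Added example, not code from the article, from Mozilla, or from any add-on.
// A page is described by a snapshot: { title, favicon, hasPasswordField }.
// The monitor keeps the snapshot the user last saw while the tab was in the
// foreground. When the tab comes back, anything that differs is reported, and
// a password field that appeared while nobody was watching is rated "high".
class TabnapMonitor {
  constructor(initialSnapshot, host) {
    this.host = host;                       // what the URL bar really shows
    this.lastSeen = { ...initialSnapshot }; // page as the user last saw it
    this.latest = { ...initialSnapshot };   // page as it is right now
    this.hidden = false;
  }

  // Call whenever the DOM changes (from a MutationObserver in a real page).
  observe(snapshot) {
    this.latest = { ...snapshot };
    if (!this.hidden) this.lastSeen = { ...snapshot }; // the user can see it
  }

  // Call with document.visibilityState ('hidden' | 'visible').
  // Returns the alerts raised on return to the foreground (possibly none).
  setVisibility(state) {
    const alerts = [];
    if (state === 'hidden') {
      this.hidden = true;
    } else if (this.hidden) {
      this.hidden = false;
      const alert = this._compare();
      if (alert) alerts.push(alert);
      this.lastSeen = { ...this.latest }; // the user is looking at it again
    }
    return alerts;
  }

  _compare() {
    const changed = ['title', 'favicon'].filter(k => this.latest[k] !== this.lastSeen[k]);
    const loginAppeared = this.latest.hasPasswordField && !this.lastSeen.hasPasswordField;
    if (loginAppeared) changed.push('password field');
    if (changed.length === 0) return null;
    return {
      host: this.host,
      severity: loginAppeared ? 'high' : 'low',
      changed,
      message: `Tab served by ${this.host} changed its ${changed.join(', ')} ` +
               `while you were away; it now claims to be "${this.latest.title}". ` +
               `Do not log in here; open the site yourself in a new tab.`,
    };
  }
}

// Constructed scenario: a harmless widget page, opened by the user, rewrites
// itself into a look-alike bank login page while the tab is in the background.
function runTabnapScenario() {
  const m = new TabnapMonitor(
    { title: 'Fun Widgets', favicon: 'https://widgets.example/favicon.ico', hasPasswordField: false },
    'widgets.example');
  m.setVisibility('hidden');
  m.observe({ title: 'Example Bank - Sign in', favicon: 'https://widgets.example/bank.ico', hasPasswordField: true });
  return m.setVisibility('visible');
}

// Constructed scenario: a chat page updates its title with an unread count
// while hidden. Reported, but only at low severity (no login form appeared).
function runUnreadCountScenario() {
  const m = new TabnapMonitor(
    { title: 'Chat', favicon: 'https://chat.example/icon.png', hasPasswordField: false },
    'chat.example');
  m.setVisibility('hidden');
  m.observe({ title: '(2) Chat', favicon: 'https://chat.example/icon.png', hasPasswordField: false });
  return m.setVisibility('visible');
}

// Constructed scenario: changes made while the tab is visible are not
// alarming, because the user watched them happen.
function runVisibleChangeScenario() {
  const m = new TabnapMonitor({ title: 'Shop', favicon: '', hasPasswordField: false }, 'shop.example');
  m.observe({ title: 'Shop - Checkout', favicon: '', hasPasswordField: true });
  m.setVisibility('hidden');
  return m.setVisibility('visible');
}

// Browser wiring (skipped under Node): snapshot the live document and feed
// DOM mutations and visibility changes into the monitor.
if (typeof document !== 'undefined') {
  const snap = () => ({
    title: document.title,
    favicon: (document.querySelector('link[rel~="icon"]') || {}).href || '',
    hasPasswordField: document.querySelector('input[type="password"]') !== null,
  });
  const monitor = new TabnapMonitor(snap(), location.host);
  new MutationObserver(() => monitor.observe(snap())).observe(document.documentElement,
    { childList: true, subtree: true, attributes: true, characterData: true });
  document.addEventListener('visibilitychange', () => {
    for (const a of monitor.setVisibility(document.visibilityState)) console.warn(a.message);
  });
}
```

The alert deliberately names the host from the URL bar rather than the title the page now displays, because the URL bar is the one signal the page cannot rewrite. The heuristic is a support for the article's advice, not a replacement for it: legitimate pages change their titles in the background (the unread-count scenario), so low-severity alerts need a human to judge, and, as the sidestepped Firefox add-on mentioned above shows, a page that avoids touching the signals a checker watches will not be flagged.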
How does browser hijacking work?

Browser hijackers can infect devices through malicious email attachments, by downloading infected files or by visiting infected websites. The browser hijacking software could be bundled with a browser extension or be part of an application the user installs. Browser hijackers can also originate from shareware, freeware, adware and spyware infections. Browser hijackers are likely to be downloaded unintentionally by the user. The user may be tricked into agreeing to an additional download in the terms and conditions of a software installer. The victim may also be fooled after being offered the option to decline the installation of the browser hijacker software, where the query is worded in a way that deliberately confuses the user into downloading the software. Once installed by the user, malicious code embedded in the software begins altering the activity of the user's browser. The browser settings targeted by browser hijacking vary depending on the hijacker and their goals. Some hijackings may make only small changes -- such as adding a new and unwanted toolbar. These changes tend to be more annoying than dangerous. But the more dangerous hijackings may target the domain name system (DNS) to redirect users to a dangerous website, possibly to steal their passwords and user credentials.

What are the impacts of browser hijacking?

Knowing what the effects of browser hijacking are can help users determine if they have been hijacked. They are as follows:
How can you tell if you have a browser hijacker?

A system infected with a browser hijacker may show a few obvious signs of infection. Users should watch out if they are experiencing:
Hijacked devices may not always show signs of infection, however. Browser hijackers meant to go unnoticed may try to spy on the user's activity and collect data.

How do you remove browser hijackers?

Depending on the circumstances, browser hijacker removal can be relatively straightforward. Different actions to take include the following:
How do you prevent browser hijacking?

There are several ways to protect against browser hijacking, including:
This was last updated in September 2021.
What type of attack can a hacker perform that involves injecting malicious code into a website?

One of the most common ways an attacker can deploy a cross-site scripting attack is by injecting malicious code into a comment or a script that could automatically run. For example, they could embed a link to a malicious JavaScript in a comment on a blog.
What type of attack can a hacker perform that involves injecting malicious code into a website to hijack a session cookie?

A cross-site scripting (XSS) attack fools the user's machine into executing malicious code, which it treats as trustworthy because it seemingly comes from a trusted server. When the script runs, it lets the hacker steal the cookie.
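The two answers above describe script planted in a blog comment and a session cookie read by that script. The following is an added example, not code from the page or from any blog platform, showing the two defender-side controls that break that chain: encoding untrusted comment text so it is rendered as text rather than markup, and marking the session cookie `HttpOnly` so script cannot read it even if some injection slips through. The comment renderer, the hostile comment (which contains only an empty script element, no payload) and the cookie name are constructed for the example.

```javascript
'use strict';

// Added example, not code from the page. Two controls against the XSS
// cookie-theft scenario: output encoding and an HttpOnly session cookie.

// Encode the five characters that let text break out of an HTML text node or
// a double-quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, ch => map[ch]);
}

// Vulnerable: untrusted comment text is concatenated straight into markup,
// so a comment containing a tag becomes part of the page's DOM.
function renderCommentVulnerable(author, body) {
  return `<li class="comment"><b>${author}</b>: ${body}</li>`;
}

// Hardened: every untrusted value is encoded before it reaches the markup.
function renderCommentSafe(author, body) {
  return `<li class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

// Check used by the demo: does the rendered markup contain a raw tag that a
// comment author should never be able to introduce?
function containsRawTag(html, tagName) {
  return new RegExp(`<${tagName}\\b`, 'i').test(html);
}

// Set-Cookie value for a session: HttpOnly keeps document.cookie from exposing
// it to script, Secure limits it to HTTPS, SameSite=Lax blunts cross-site
// requests that would otherwise carry it.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed hostile comment: an empty script element is enough to show the
// difference between the two renderers; no payload is included.
const HOSTILE_COMMENT = {
  author: 'guest',
  body: 'Nice post! <script>/* attacker-controlled */</script>',
};

// Render the constructed comment both ways and build the session cookie.
function demo() {
  const vulnerable = renderCommentVulnerable(HOSTILE_COMMENT.author, HOSTILE_COMMENT.body);
  const safe = renderCommentSafe(HOSTILE_COMMENT.author, HOSTILE_COMMENT.body);
  return {
    vulnerable,
    safe,
    vulnerableHasScriptTag: containsRawTag(vulnerable, 'script'), // true
    safeHasScriptTag: containsRawTag(safe, 'script'),             // false
    cookie: sessionCookieHeader('sid', 'constructed-session-id'),
  };
}
```

Encoding at output time is the control that matters for the first answer; the `HttpOnly` attribute is the one that matters for the second, because a script that does execute still cannot read a cookie carrying that flag, so the session is not handed over even when the first control fails.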
What makes a DDoS attack different from a DoS attack?

A denial-of-service (DoS) attack floods a server with traffic, making a website or resource unavailable. A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.