Regular readers may recall that a few weeks ago I was beating my head against the desk struggling with Mozilla’s SafeBrowsing changes, particularly when trying to download files from NirSoft.
- Firefox Malware Detection Download Monitoring: Thoughts - GrandStreamDreams blog
- Mitigating Recent Firefox and ABE Annoyances - GrandStreamDreams blog
I’m still not sure why the behavior ceased, but as the FF Extension Guru pointed out in the comments, Nir Sofer had made changes to the software in an attempt to reduce false malware identification rates.
Or it could have been a change buried in one of the rapid-fire Firefox updates released after my original posts:
- Firefox 32.0.2 Released - Firefox Extension Guru's Blog
- Firefox 32.0.3 Released - Firefox Extension Guru's Blog
Regardless, I’ve been able to download all the NirSoft apps I need/want for updating since then with no ill effects.
Also this week, Scott Hanselman found “evil” behavior in a Google Chrome extension he downloaded recently.
It’s another great post on a long-running theme that you can’t automatically trust any browser add-on, be it from Mozilla, Chrome, or IE.
As usual with most Hanselman blog posts, the comments were filled with germane information and additional resources:
- Chrome Extensions Going Rogue - Chris Anderson
- Why You Should Not Use Chrome Extensions - Code is Poetry
- Adware vendors buy Chrome Extensions to send ad- and malware-filled updates - Ars Technica
- After Chrome’s recent extension drama, what browser has the safest add-ons? - Ars Technica
- Chrome extension source viewer - Chrome Web Store
- Fiddler - free web debugging proxy
- Firebug - free web debugging add-on
- Also, don’t forget about the native “F12” developer tools feature set in most all “modern” web browsers.
- Warning: Your Browser Extensions Are Spying On You - How-To Geek
And for context, while this can impact you as an individual/private web-browser user, it could also impact enterprise browser deployments if the sysadmin policy allows for end-user installation of add-ons/browsers.
What would be the impact if a “harmless” add-on was surreptitiously serving additional ad content in the background of web pages? Annoyance and bandwidth impact? Probably, but if that ad content was exploited to serve malware, whether or not the add-on developer knew about it, it could have serious implications for the security landscape at your organization!
- Malvertising hits ‘The Times of Israel’ and ‘The Jerusalem Post’, redirects to Nuclear Exploit Kit - Malwarebytes Unpacked
- Large malvertising campaign under way involving DoubleClick and Zedo - Malwarebytes Unpacked
- Malvertising: Not all Java from java.com is legitimate - Fox-IT International blog
- Google’s DoubleClick ad network abused once again in malvertising attacks - Malwarebytes Unpacked
- Malvertising attack techniques dissected - Help Net Security. Links to a Bromium-provided research report (PDF) via Virus Bulletin 2014.
- Malvertising campaign leading to Zemot - Zscaler Research ThreatLabZ blog
Just sayin’…
Claus Valca
2 comments:
Hmm...Evil Add-Ons...yeah I am dealing with one of those in Chrome. It installed some type of tracker which I have not been able to get rid of with SoyBot, CCleaner, Hitman Plus, etc. It is only in Chrome, as I have not had this issue in Firefox. I will see a message in the status bar when a site is loading.
Hmm...I think I got rid of it. Could've been one of three: TamperMonkey (Greasemonkey for Chrome), Facebook Disconnect or Microsoft Smart Screen bypass. Whatever it was...it was also causing my secure connections not to be secure. After some research I discovered that Chrome likes to cache stuff and do a restart via the address bar (chrome://restart) which seemed to have done the trick. My secure connections are secure again and everything seems to be loading smoothly now.