Poke Trainer Gary
Optimistic
- 43
- Posts
- 15
- Years
- Not an American
- Seen Jun 20, 2009
Hi malware fighters,
There is a new very dangerous generic gaping browser hole that affects all browsers (only the lynx browser is secure from it), and makes an attacker can take over the browser completely. It is almost impossible to patch, because it is inherent to the way modern browsers work.
NoScript add-on for Fx works in almost 100% of the cases against this, but Giorgio Maone advises to enable the "Plugins|Forbid IFRAME" option.
It seems like the exploit basically creates a frame that is hidden underneath the main content frame that a user is seeing. The main content could be a flash game or any sort of incentive to keep a user clicking. All of the clicks that the user is making are used to click on content in the hidden frame. Again, just my speculation based on the information provided by RSnake and Jeremiah above in a limited disclosure.
In a nutshell, it's when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you. It's a fundamental flaw with the way your browser works and cannot be fixed with a simple patch. With this exploit, once you're on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening.
There is a new very dangerous generic gaping browser hole that affects all browsers (only the lynx browser is secure from it), and makes an attacker can take over the browser completely. It is almost impossible to patch, because it is inherent to the way modern browsers work.
NoScript add-on for Fx works in almost 100% of the cases against this, but Giorgio Maone advises to enable the "Plugins|Forbid IFRAME" option.
It seems like the exploit basically creates a frame that is hidden underneath the main content frame that a user is seeing. The main content could be a flash game or any sort of incentive to keep a user clicking. All of the clicks that the user is making are used to click on content in the hidden frame. Again, just my speculation based on the information provided by RSnake and Jeremiah above in a limited disclosure.
In a nutshell, it's when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you. It's a fundamental flaw with the way your browser works and cannot be fixed with a simple patch. With this exploit, once you're on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening.