A researcher said that he will release a tool that will allow hackers to hijack application updates on PC over an unsecured wifi connection by replacing the “update” with malware.
The hijack, believed to be vulnerable to about 100 applications including including CD burners, video players and more. The attack however does not effect application that uses digital signing for updates such as Microsoft apps.
Itzik Kotler, security operation center team leader for Radware and Tomer Bitton, security researcher for Radware, say that the hack can be used against most of today’s client application updates. The researchers, who will present their research at the Defcon17 hacker confab, also will release a tool they developed for the targeted attack that can inject a phony but realistic-looking update alert or hijack an ongoing update session, and lure the user to download malware instead.
“Most applications do simple HTTP transactions that download a file with the newer version … We can hijack the session and respond ourselves with an ‘application update’ and it takes place on our malicious Website,” Kotler says. “They are then going to download an update, and voila: it’s malware.”
The so-called Ippon tool, which is Japanese for “game over,” can also generate an attack where a victimized user’s machine can attack other machines in its proximity on the WiFi network. “You can take it to a self-propagation method and have it do the same to another victim,” he says.
If you enjoyed this post, make sure you subscribe to my RSS feed!
Related posts:
- Check your Flash for security vulnerabilities now Now you can find security vulnerabilities in applications built on...
- Panda Cloud AV does not protect users against old Malwares In a recent interview with Panda Security, its senior research...
- Twitter now Blocks Malicious Web sites Thanks to Google’s Safe Browsing API, Twitter is now...
- Scam: Facebook Hacking An antivirus company recently discovered a website that claims to...
- New Norton Internet Security & Antivirus 2010 Beta Available Now The latest Norton Internet Security 2010 & Norton Anti Virus...
Pages
Category
- Advertlets (8)
- Adverts (21)
- Anti-Virus (20)
- Apple (42)
- Apple's Leopard (2)
- Blogging (18)
- Blogosphere (10)
- Blu Ray (3)
- Broadband (5)
- Browser (18)
- Computer (26)
- Email (7)
- Firefox (7)
- Firewall (2)
- FOSS (5)
- Free (6)
- Free Movie (3)
- Gadgets (20)
- Gaming (10)
- Google (39)
- Hacking (19)
- Hosting (5)
- Industry (5)
- Intel (10)
- Internet (65)
- iPhone (38)
- iPod (5)
- Linking (5)
- Linux (8)
- Mac (3)
- Make Money (10)
- Malaysia (74)
- Manufacturing (5)
- Microsoft (49)
- MIMOS (3)
- Mobile (16)
- Music (16)
- Netbook (8)
- NetizensMedia (1)
- Nike+iPod (2)
- Notebook (2)
- Nuffnang (7)
- Open Source (6)
- Operating System (14)
- P2P (5)
- Search (7)
- Security (51)
- Smartphones (1)
- Social Networking (20)
- Softwares (33)
- Sony (7)
- Storage (6)
- Stream (10)
- Streamyx (3)
- Technology (53)
- Telecommunication (14)
- Tips (4)
- Traveling (1)
- Ubuntu (9)
- Uncategorized (4)
- Vista (5)
- VoIP (6)
- Web (25)
- Wi-Fi (12)
- Wii (2)
- Windows 7 (9)
- Wordpress (7)
- XP (3)
- Yahoo (24)
- YouTube (5)
archives
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- July 2007
- June 2007
- May 2007
Sponsor
Links
Admin
-
Hit Counters
-
-
-
-
-
-
-
-
This work is licensed under a Creative Commons Attribution-No Derivative Works 2.5 Malaysia License.
Based on a work at www.wirespot.net.