Tuesday, July 29, 2008

Wireless In-Security Used by Terrorists

Most of you reading this will have heard about the bomb blasts that rocked Bangalore and Ahmedabad. Five minutes before each of the blasts, the terrorist group "Indian Mujahedin" sent e-mails to the media warning of the attacks and daring the authorities to stop them in time.

Through the investigation, the authorities have identified a wireless router belonging to an American family in New Bombay as the source of the e-mails. Unfortunately for the family, their wireless router had no security (no encryption or access control) and no logging enabled.

Now not only is the family in a legal mess, trying to prove their innocence without logs, but the terrorists will also be able to get away easily, with little hope of their identity being traced. What concerns me most is that even if the family had enabled WEP encryption on their router, it would have taken nothing more than a few minutes to crack the key.

If you want to protect your wireless router from external threats, I would recommend WPA (WPA2 where the router supports it) with a long, random passphrase rather than WEP, which as noted above can be cracked in minutes, combined with MAC address filtering. Bear in mind that MAC filtering only raises the bar slightly, since client MAC addresses travel in the clear and an attacker can sniff and spoof one; and enable logging so that, if the worst happens, there is a record of which devices connected and when. For instructions, you can refer to this article from PC Magazine.
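To make the advice concrete, here is an added example (not from the original post or the PC Magazine article) expressing the same choices as two hostapd configurations for a Linux-based access point: the weak setup beside the hardened one. Consumer routers expose equivalent settings in their web interface under different names. The interface name, SSID, WEP key, passphrase and MAC-list path are placeholders.

```ini
# --- hostapd-weak.conf (placeholder name) ---
# Roughly what the router in the story had, plus WEP: a 40-bit key that is
# recoverable from captured traffic in minutes, and nothing written to syslog.
interface=wlan0
ssid=HomeNetwork
hw_mode=g
channel=6
auth_algs=1
wep_default_key=0
# placeholder 5-character (40-bit) WEP key
wep_key0="abcde"
# module bitfield for syslog: 0 = log nothing
logger_syslog=0

# --- hostapd-hardened.conf (placeholder name) ---
# WPA2-PSK with AES-CCMP, a MAC accept list, and association/authentication
# events logged to syslog with the client's MAC address and a timestamp.
interface=wlan0
ssid=HomeNetwork
hw_mode=g
channel=6
auth_algs=1
# wpa=2 selects WPA2 (RSN) only; use wpa=3 only if old WPA1 clients must connect
wpa=2
wpa_key_mgmt=WPA-PSK
# AES-CCMP only; do not allow TKIP
rsn_pairwise=CCMP
# placeholder: replace with a random passphrase of 20+ characters
wpa_passphrase=CHANGE-ME-to-a-long-random-passphrase
# macaddr_acl=1: deny any station not listed in accept_mac_file (one MAC per line)
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
# -1 = all modules; level 2 = informational and above
logger_syslog=-1
logger_syslog_level=2
```

hostapd does not support comments after a value on the same line, so every comment above sits on its own line. With the hardened file, each association and authentication attempt is recorded in syslog with the station's MAC address, which is exactly the evidence the family in the story lacked. The MAC accept list is still only a minor hurdle: MAC addresses are sent unencrypted even on a WPA2 network, so a sniffer can copy a legitimate client's address; the passphrase is what keeps outsiders off the network.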

Update: Since I last heard, the family is still being made to run around trying to prove their innocence. The wireless router had no logging enabled, so it is not possible to confirm whether the e-mail was sent from the family's own computers or by a random passer-by.

Sunday, July 27, 2008

Browser Based Malware

For some time now, I have been interested in browser-based malware attacks, and even more so after reading Armando Romeo's posts about backdoors in Firefox extensions.

I have spent some time researching the topic and the various attack vectors and opportunities available through browser-based malware. Consequently, I submitted a paper on browser-based malware attacks to the AVAR 2008 conference, which will detail the research I have conducted.

AVAR is the largest Asia-Pacific conference on anti-malware technologies and is being brought to Delhi, India by QuickHeal in December 2008.

I have been exploring the various attack vectors through which browser-based malware could exist and analyzing their impact compared to traditional malware.

Browser-based malware runs inside the user's browser rather than as a native program on the system. It is typically delivered when someone visits a web page that appears harmless but contains hidden malicious code intended to sabotage the computer or compromise the user's privacy. The result of the attack may be as simple as a crashed browser, or as serious as the theft of personal information or the loss of confidential proprietary data.

Before the days of Web 2.0, browser-based malware was largely limited to drive-by downloads; since JavaScript attacks, CSS attacks and the like came to light, the field has opened up. Some of the browser-based malware techniques currently seen are as follows:
  • Drive-By Downloads
  • JavaScript Worms and Viruses (self-propagating cross-site scripting payloads, typically on social-networking sites)
  • CSS Attacks (such as using the styling of visited links to sniff a user's browsing history)
  • Browser Add-on Viruses and Worms (malicious or backdoored extensions)
In the current state of the internet, much of a user's life runs through the browser, with browser-based technologies such as web operating systems, storage and backup systems, e-mail, social-networking web sites, CRMs, intranets etc. For an attacker, controlling a user's browser has suddenly become almost as fruitful as gaining access to their system.
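The JavaScript worm item above is the one that best shows why a browser is worth as much as the system to an attacker, so here is an added example (not from the original post, and not code from any real worm) that models one on a toy social-networking site. The site, its users, the visit order and the worm marker are all constructed for the demonstration; the same renderer is run once reflecting stored user content verbatim and once HTML-encoding it, which is the remediation.

```javascript
// Added example: toy model of a self-propagating JavaScript (XSS) worm on a
// social-networking site, against a vulnerable renderer and an encoding one.

// A worm "payload": user-supplied profile text carrying a script element. In a
// real worm the script body would issue an authenticated request that appends
// the payload to the viewer's own profile; here a marker stands in for the body.
const WORM_PAYLOAD = '<script>propagateWorm()</script>';

// Constructed sample site. Profile text is plain user input; the attacker
// ("mallory") has already seeded the worm in their own profile.
function makeSite() {
  return {
    profiles: {
      mallory: 'Hello world! ' + WORM_PAYLOAD,
      alice: 'Hi, I am Alice.',
      bob: 'Bob here.',
      carol: "Carol's page.",
    },
  };
}

// HTML-encode the characters that matter inside an element body or attribute.
function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Server side: render a profile page. With encode=false the site reflects the
// stored user content into the page verbatim (the vulnerable behaviour).
function renderProfile(site, user, encode) {
  const text = site.profiles[user];
  const body = encode ? escapeHtml(text) : text;
  return `<html><body><h1>${escapeHtml(user)}</h1>` +
         `<div class="about">${body}</div></body></html>`;
}

// Crude browser model: find inline <script> elements in the page. A real
// browser would execute them; we only need to know whether the worm's script
// reached the page as markup rather than as harmless text.
function inlineScripts(html) {
  const scripts = [];
  const re = /<script>([\s\S]*?)<\/script>/g;
  let m;
  while ((m = re.exec(html)) !== null) scripts.push(m[1]);
  return scripts;
}

// One user views another's profile. If the worm script executes, it runs in
// the viewer's browser with the viewer's session, and copies the payload into
// the viewer's own profile. Returns whether the script executed.
function visit(site, viewer, target, encode) {
  const html = renderProfile(site, target, encode);
  const executed = inlineScripts(html).some(s => s.includes('propagateWorm()'));
  if (executed && !site.profiles[viewer].includes(WORM_PAYLOAD)) {
    site.profiles[viewer] += ' ' + WORM_PAYLOAD;
  }
  return executed;
}

// Run a fixed sequence of visits and report how far the worm spread: how many
// profiles store the payload, and how many rendered pages would execute it.
function simulate(encode) {
  const site = makeSite();
  const visits = [
    ['alice', 'mallory'],   // alice views mallory's (seeded) profile
    ['bob', 'alice'],
    ['carol', 'bob'],
    ['alice', 'carol'],
  ];
  for (const [viewer, target] of visits) visit(site, viewer, target, encode);
  const users = Object.keys(site.profiles);
  return {
    stored: users.filter(u => site.profiles[u].includes(WORM_PAYLOAD)).length,
    executable: users.filter(u =>
      inlineScripts(renderProfile(site, u, encode)).length > 0).length,
  };
}

console.log('vulnerable:', simulate(false)); // { stored: 4, executable: 4 }
console.log('encoded:   ', simulate(true));  // { stored: 1, executable: 0 }
```

Four visits are enough to carry the payload from the attacker to every user when content is reflected verbatim, and the infection is driven entirely by the victims' own authenticated sessions, which is why anti-virus on the endpoint never sees a file to scan. With encoding, the seeded profile still stores the payload, but no page turns it into a script element, so it never executes and never spreads.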

Also, considering that system-based viruses and worms are comparatively well covered by anti-virus, anti-malware and internet security products, the door is left wide open for browser-based malware attacks.

Through this research paper I intend to carry out a detailed analysis of browser-based malware threats, dissecting each threat to determine the following:
  • How does it work?
  • What threat does it pose, and what is the possible impact?
  • How can it be remediated?
  • Will any current security products thwart the attack?
Also: If anyone is going to be attending AVAR 08, drop me an e-mail or leave a comment.