Any computer, anywhere?

Jimmy Hess mysidia at gmail.com
Mon Dec 9 02:08:35 UTC 2013


On Sun, Dec 8, 2013 at 2:24 AM, Warren Bailey <
wbailey at satelliteintelligencegroup.com> wrote:

> Noticed this tonight.. Not saying the WP is always on target, but what
> software could be installed via a browser on any computer to gather all of
> that data? And how would it be done without the OS speaking up about it?
> Far fetched.. Or do the Firefox / Chrome guys have


Not really; it's well within the realm of possibility, and not even
unlikely.
The answer about what software could be installed that way would be
tailor-made covert software; plenty of that is known to exist.

Law enforcement would have it well within their ability to potentially
intercept and modify traffic on web pages accessed by the user, and inject
targeted exploits into the user's in-flight data connections.

Software can be installed via the browser through a variety of vectors;
mostly vulnerabilities leveraging JavaScript, browser-specific flaws,
viewer flaws, API flaws such as fonts, or plugins such as Java,
Silverlight, Flash, QuickTime, or Adobe Reader.

Then a sandbox defeat, and privilege escalation using a variety of
unpublished exploit techniques.

Once that has occurred, software may be deployed undetectably and
persistently in a variety of ways. A payload specific to the target may
be downloaded and configured in the background.


It is also possible that the malware may simply modify existing programs
such as the operating system running in RAM --- diskless malware that
doesn't save a copy of itself, but reinfects the system after a reboot,
when the user browses the web again, and the exploit kit is launched
again.


--
-JH



More information about the NANOG mailing list