Cross Browser Worm Spreads Via Facebook, Security Experts Warn

Cross-browser worm spreads via facebook, security experts warn

by

cleanroomesd

Malware writers have used Crossrider, a cross-browser extensiondevelopment framework, to build a click-fraud worm that spreads onFacebook, security researchers from antivirus firm Kaspersky Labsaid on Monday. Crossrider is a legitimate Javascript framework that implements aunified API (application programming interface) for buildingMozilla Firefox, Google Chrome and Internet Explorer extensions. The API allows developers to write code that will run insidedifferent browsers and, by extension, on different OSes. Theframework is still in beta testing and its creators plan on addingsupport for Safari soon.

medical machine transcription

\”It is quite rare to analyze a malicious file written in the formof a cross-platform browser plugin. It is, however, even rarer tocome across plugins created using cross-browser engines,\” saidKaspersky Lab malware expert Sergey Golovanov in a blog post on Monday. The new piece of malware is called LilyJade and is being sold onunderground forums for US$1,000. Its creator claims that it caninfect browsers running on Linux or Mac systems and that since itdoesn\’t have any executable files, no antivirus program is designedto look for it.

immigrating to canada

The malware\’s purpose appears to be click fraud. It is capable ofspoofing rogue advertisement modules on Yahoo, YouTube, Bing/MSN,AOL, Google and Facebook, Golovanov said. When users view or clickon these ads, the malware\’s creators earn money through affiliateprograms. In order to spread, the malware leverages its control over infectedbrowsers to piggyback on active Facebook sessions and send spammessages on behalf of authenticated Facebook users. The links included in LilyJade\’s Facebook spam messages directusers to compromised websites that load the Nuclear Pack exploitkit into a hidden iframe, Golovanov said.

Business Services

Exploit kits like Nuclear Pack attempt to exploit vulnerabilitiesin outdated software — usually browser plug-ins like Java, FlashPlayer or Adobe Reader — in order to infect computers withmalware. The concept of malware running inside the browser as an extensionis not new, but it seems to be increasingly popular with malwarewriters. Last week, the Wikimedia Foundation warned users that seeing commercial ads on Wikipedia is most likely the resultof their browsers being infected with malicious extensions. Social networking worms also appear to be making a comeback.

OnFriday, Symantec reported about a new variant of a worm called W32.Wergimog, which spreads bysending spam messages on Facebook, Hi5, Hyves, Linkedin, MySpace,Omegle and Twitter. On Thursday, researchers from Trend Micro reported about a different worm that spreads through several social networks and instant messagingapplications.

iters have used Crossrider, a cross-browser extensiondevelopment framework, to build a cli

Article Source:

ArticleRich.com