IC3: Browser Bot Infection and HTML Attachment Malware

Wednesday, March 28, 2012



Browser Bot Infection

What happens when your web browser becomes the "bot"? A look at a current Trojan infection campaign similar to the infamous Zeus malware makes open source web browser users a bit nervous.

The open source browser can now function like a bot and accept commands. It can process the content of the current page where it is located, redirect the user, halt the loading of particular pages, steal passwords, run executables, and even kill itself.

Unfortunately, the kill function is a bit excessive and deletes critical system files, which in turn prevents users from logging in properly.

The way it builds the malicious code into the open source browser is notable, because it uses the design of the browser against itself. In the past, researchers have seen threats create malicious extensions. Users would have to disable that particular add-on, which would eradicate the threat.

For this particular piece of malware, this is not the case. Since it is a component, it does not appear as an add-on in the browser's Add-ons Manager in the same manner other extensions and plugins appear. Furthermore, due to the design of the open source browser, the Trojan will be reinstalled every time the browser establishes a connection to the Internet.

HTML Attachments Used to Spread Malware

In the last month, security researchers have observed several large spam campaigns with malicious HTML attachments. A 2007 botnet is believed to be behind the spike in these attacks.

Traditionally, HTML-based attachments were used in phishing attacks to entice the victim to the desired spoofed web page. The current attack vector uses the HTML attachment with malicious JavaScript to redirect victims to the exploit kit.

The exploit kit will then scan the target machine for vulnerabilities that can be exploited to install an information-stealing Trojan.
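
For mail triage, the attachment pattern described above can be checked before a user opens the file. The following is an added example, not code from the IC3 advisory: it walks a raw message, parses each HTML attachment, and reports inline-script redirect markers, remote script sources and meta refreshes. The function names, the regex heuristics and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Heuristic markers of a script-driven redirect or of obfuscation hiding one (not exhaustive).
REDIRECT_RE = re.compile(
    r"location(?:\.href)?\s*=(?!=)|location\.(?:replace|assign)\s*\(|"
    r"\beval\s*\(|\bunescape\s*\(|fromCharCode", re.I)

class ScriptFinder(HTMLParser):
    """Collects redirect markers from inline scripts, script src and meta refresh."""
    def __init__(self):
        super().__init__()
        self.in_script, self.findings = False, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.in_script = True
            if a.get("src"):
                self.findings.append(("external-script", a["src"]))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content") or ""))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.findings += [("script-redirect", m.group(0)) for m in REDIRECT_RE.finditer(data)]

def scan_message(raw):
    """Map each HTML attachment's filename to the findings in its markup."""
    report = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and (part.get_content_type() == "text/html"
                     or name.lower().endswith((".htm", ".html"))):
            finder = ScriptFinder()
            finder.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            report[name] = finder.findings
    return report

# Constructed sample (not from the advisory); example.invalid is a placeholder domain.
SAMPLE = (
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain\n\nSee attached.\n'
    '--b1\nContent-Type: text/html\nContent-Disposition: attachment; filename="invoice.html"\n\n'
    '<html><script>window.location = "http://landing.example.invalid/";</script></html>\n--b1--\n')
```

Any non-empty findings list is a reason to quarantine the attachment for review; an empty list does not prove the file is safe, since the markers are heuristics.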

Source:  http://www.ic3.gov/media/2012/120327.aspx
