Friday, November 30, 2012

Malicious Browser Add-on Edits Hosts File to Redirect Users to Phishing Websites

Only install add-ons from trusted sourcesIt’s no secret that browser add-ons bring us joy by increasing productivity and enhancing our overall internet experience, but not all add-ons are built with good intentions.

Cybercriminals have been known to push malicious browser add-ons that inject ads into websites or post spam on social network accounts.

More recently, Symantec researchers found that evil-doers have been spreading malicious browser add-ons that will redirect users to phishing websites whenever they type the URL of a legitimate site into their address bar.

These rogue add-ons are served from a phishing website mimicking the look & feel of a popular e-commerce website, complete with a typo-squatted domain and all.

The spoofed e-commerce website detects the user’s browser upon visit and prompts them to install the add-on for their particular browser. If the end-user chooses to install the add-on, it will modify the hosts file located in the Windows System32 directory, assigning the domain names of well-known companies to IP addresses of phishing websites.

For the uninitiated, Symantec explains that “when a user enters a website URL in the browser address bar, it checks the local DNS information, such as the hosts file, before sending a DNS query to the Internet.” That means if you type the web address for a website that’s been re-assigned using the hosts file, you’ll be directed to the phishing website instead of the legitimate one.

Fortunately Symantec says that the phishing site pushing the add-on has been taken offline, but another can easily pop-up elsewhere. Therefore, users are urged to remain vigilant and proceed with caution when installing software on their computer, even browser add-ons.

Browser Add-on Safety Tips

  • Use your browser’s built-in mechanism or visit the official add-on markets for Firefox, IE, Chrome, etc. to browse & install available add-ons.

  • Check the number of downloads, add-on rating, and user reviews for any red flags before downloading.

  • Do not download or install add-ons from unknown or untrusted sources.

[via Symantec]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

No comments:

Post a Comment