Malicious Browser Add-on Edits Hosts File to Redirect Users to Phishing Websites

It’s no secret that browser add-ons bring us joy by increasing productivity and enhancing our overall internet experience, but not all add-ons are built with good intentions.

Cybercriminals have been known to push malicious browser add-ons that inject ads into websites or post spam on social network accounts.

More recently, Symantec researchers found that evil-doers have been spreading malicious browser add-ons that will redirect users to phishing websites whenever they type the URL of a legitimate site into their address bar.

These rogue add-ons are served from a phishing website mimicking the look & feel of a popular e-commerce website, complete with a typo-squatted domain and all.

The spoofed e-commerce website detects the user’s browser upon visit and prompts them to install the add-on for their particular browser. If the end-user chooses to install the add-on, it will modify the hosts file located in the Windows System32 directory, assigning the domain names of well-known companies to IP addresses of phishing websites.

For the uninitiated, Symantec explains that “when a user enters a website URL in the browser address bar, it checks the local DNS information, such as the hosts file, before sending a DNS query to the Internet.” That means if you type the web address for a website that’s been re-assigned using the hosts file, you’ll be directed to the phishing website instead of the legitimate one.

Fortunately Symantec says that the phishing site pushing the add-on has been taken offline, but another can easily pop-up elsewhere. Therefore, users are urged to remain vigilant and proceed with caution when installing software on their computer, even browser add-ons.

Browser Add-on Safety Tips

• Use your browser’s built-in mechanism or visit the official add-on markets for Firefox, IE, Chrome, etc. to browse & install available add-ons.


• Check the number of downloads, add-on rating, and user reviews for any red flags before downloading.


• Do not download or install add-ons from unknown or untrusted sources.

[via Symantec]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Secunia Issues Advisories for 2 Unpatched Safari Web Browser Vulnerabilities

On Friday, Danish vulnerability tracking firm Secunia published information related to two vulnerabilities within the Safari web browser following Apple’s reluctance to provide an estimate timeframe on when they plan to issue a patch.

Secunia disclosed the “moderately critical” plug-in unloading vulnerability, which could lead to an attacker gaining remote control of the system, to Apple six months ago. The less critical address bar spoofing vulnerability was reported to Apple over eight and half months ago.

In both cases, Apple failed provided a targeted patch release date despite Secunia’s multiple attempts to get a status update that included one. Three and a half months after the bugs were reported, Apple stated that the vulnerabilities had been confirmed and are being investigated. No further details were provided and ultimately Apple stated it was against their policy to comment on fix dates.

Vendors are given a 6-month semi-hard deadline to fix vulnerabilities that are reported via Secunia Vulnerability Coordination Reward Program (SVCRP), which offers a way for researchers to have their bug findings confirmed and reported to vendors.

The vulnerabilities have been confirmed in versions 5.0.5 (7533.21.1) and 5.1.2 (7534.52.7), but other versions may be affected.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.