
Browser feature can be abused to misrepresent download origin, researcher says

Lucian Constantin | June 1, 2012
Legitimate browser functionality can be abused to trick users into believing that a trusted website has asked them to download a file that is actually being served from a rogue server, Google security engineer Michal Zalewski demonstrated on Tuesday.

"I think these responses are fine, given the sorry state of browser UI security in general; although in good conscience, I can't dismiss the problem as completely insignificant," Zalewski said.

Carabott and Botezatu both agreed that this issue should be fixed because attackers are likely to start exploiting it if it is left unaddressed. However, the fact that this attack method leverages legitimate browser functionality might make it harder to mitigate, Carabott said.

"We're aware of a spoofing issue that can be mitigated by enabling Internet Explorer's Smart Screen Filter," said Yunsun Wee, director of Trustworthy Computing at Microsoft. "There have not been any known attempts to exploit this issue, and we continue to encourage customers to only visit trusted websites."

Mozilla did not immediately return a request for comment.

"The best practice is to refuse any download that initiates automatically," Botezatu said. "If this is not possible, users should scan the downloaded file with either an antivirus or online with a multi-engine antivirus service."
