Results 1 to 3 of 3

Thread: Spyware -> Hypothetical Discussion

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    786

    Spyware -> Hypothetical Discussion

    Okay and welcome everyone. After reading v_ln's post in this section, I suddenly thought of an interesting application for spyware. Note that I do not like spyware myself, but out of curiosity decided to ask about this: How would you be effected if spyware took advantage of computer security holes to bring data "home"? Would you notice it in the situation below?

    Suppose that company X has just written a spyware program that Ad-Aware and Spybot Search & Destory, and any other spyware detection program doesn't see since it is so new. Unlike other spywares that will boldly connect to the company's server themselves to upload your personal information (the ones that your personal firewall says X is connecting to Y, accept/deny?), suppose this spyware took advantage of vulnerabilities inside of your web browser and the trust that you gave it via your personal firewall (the browser that you made the rule Allow Out TCP *:* or equivilent for). I will specifically point out Internet Explorer to quit sounding so obscure.

    And the bug in Internet Explorer is the one that lets you hide the real URL. (Refresh your memory) What if this spyware program went through all of your bookmarks and quietly replaced them with links utilizing that vulnerability to *redirect* you do their server, which would redirect you back to your original website after a script recieved and saved your personal data? Would you be able to find if something is afoul?


    Here is my answer to that question. First of all, I rarely use my bookmarks since my commonly visited websites show up in the address bar when I start typing the website in. Since it needs you to click the modified bookmarks, if you don't click them it can't send the information behind your back. My firewall lets me connect to any website, so I don't have to approve every single connection. This leaves me vulnerable since I wouldn't be able to tell if I connected to the same "trusted" computer as before. Lastly, I use Mozilla so if my bookmarks are modified by this hypothetical spyware, I would clearly see the %01 and a really long URL with the data it is collecting on me.


    What about you? Would you be in trouble if some company used this? I think I would be okay, but you never know. Also, I have no idea if this is/has been used by spyware companies before, but hopefully the MS Patch that hopefully addresses that issue comes out before it gets put to misuse...

    I appologize if this question was asked before, as my searches did not turn up anything.

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    You might wanna take a look and read this article :
    Coopting a Browser: Setiri

    It kinda sounds like what you are talking about even though this is for trojans.
    Operation Cyberslam
    \"I\'ve noticed that everybody that is for abortion has already been born.\" Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    Thanks for the link, it was a good read. I never knew about invisible IE windows... I'm guessing that the IE Channels feature and Active Desktop could also be abused in a somewhat similar fashion, but I've never taken the time to learn much about them. I really hope that I don't come across any mal-ware/ad-ware/trojan or spyware that takes advantage of stuff that my firewall trusts...That Setiri trojan sounds nasty, although the way the article ends tossing up ideas for the webmaster to get back at those who are controlling the clients via their server sounds like fun. Probably changing the comand option with a Javascript that replaces it with IP/Browser Info before submiting the forum could be of some use, though probably unreliable...


    I tried to add a poll shortly after posting, but you can't seem to add one after posting...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •