January 10th, 2004, 04:35 AM
Spyware -> Hypothetical Discussion
Okay and welcome everyone. After reading v_ln's post in this section, I suddenly thought of an interesting application for spyware. Note that I do not like spyware myself, but out of curiosity decided to ask about this: How would you be affected if spyware took advantage of computer security holes to bring data "home"? Would you notice it in the situation below?
Suppose that company X has just written a spyware program that Ad-Aware and Spybot Search & Destroy, and any other spyware detection program, don't see since it is so new. Unlike other spywares that will boldly connect to the company's server themselves to upload your personal information (the ones that your personal firewall says X is connecting to Y, accept/deny?), suppose this spyware took advantage of vulnerabilities inside of your web browser and the trust that you gave it via your personal firewall (the browser that you made the rule Allow Out TCP *:* or equivalent for). I will specifically point out Internet Explorer to quit sounding so obscure.
And the bug in Internet Explorer is the one that lets you hide the real URL. (Refresh your memory) What if this spyware program went through all of your bookmarks and quietly replaced them with links utilizing that vulnerability to *redirect* you to their server, which would redirect you back to your original website after a script received and saved your personal data? Would you be able to find if something is afoul?
Here is my answer to that question. First of all, I rarely use my bookmarks since my commonly visited websites show up in the address bar when I start typing the website in. Since it needs you to click the modified bookmarks, if you don't click them it can't send the information behind your back. My firewall lets me connect to any website, so I don't have to approve every single connection. This leaves me vulnerable since I wouldn't be able to tell if I connected to the same "trusted" computer as before. Lastly, I use Mozilla so if my bookmarks are modified by this hypothetical spyware, I would clearly see the %01 and a really long URL with the data it is collecting on me.
What about you? Would you be in trouble if some company used this? I think I would be okay, but you never know. Also, I have no idea if this is/has been used by spyware companies before, but hopefully the MS Patch that hopefully addresses that issue comes out before it gets put to misuse...
I apologize if this question was asked before, as my searches did not turn up anything.
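A defender's check for the scenario in the post above, as an added example that is not part of the original thread: it reads Internet Explorer Favorites shortcuts and flags any whose URL puts text in front of an `@` in the host part, especially with an encoded control byte such as the `%01` the poster mentions. The shortcut names and hostnames are constructed samples, and the `displayed-name%01@real-host` shape of the spoofed link is an assumption, not something stated in the thread.

```python
import re
from urllib.parse import urlsplit

# Percent-encoded control bytes (%00-%1F, %7F); a legitimate bookmark has no use for them.
CTRL = re.compile(r"%(?:[01][0-9A-Fa-f]|7[Ff])")

# Constructed sample: name -> contents of an IE Favorites ".url" shortcut file.
SAMPLE_FAVORITES = {
    "My Bank.url": "[InternetShortcut]\nURL=http://www.example-bank.test%01@collector.example/r?u=alice\n",
    "Mozilla.url": "[InternetShortcut]\nURL=https://www.mozilla.org/\n",
    "Files.url": "[InternetShortcut]\nURL=ftp://user@ftp.example.org/pub/\n",
}

def shortcut_url(text):
    """Return the URL= value from the text of a .url shortcut, or None."""
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.upper() == "URL":
            return value
    return None

def check_bookmark(url):
    """Return a finding if the authority carries userinfo before '@', else None."""
    try:
        parts = urlsplit(url)
    except ValueError:  # unparseable authority: surface it rather than skip it
        return {"real_host": None, "displayed_as": url, "control_char": False}
    userinfo, at, _ = parts.netloc.rpartition("@")
    if not at:
        return None  # plain host[:port], nothing hidden
    return {
        "real_host": parts.hostname,                  # where the browser actually connects
        "displayed_as": CTRL.split(userinfo)[0],      # text in front of the first control byte
        "control_char": bool(CTRL.search(userinfo)),  # the %01-style marker from the post
    }

def scan(favorites):
    """Map shortcut name -> finding for every shortcut that needs a look."""
    findings = {}
    for name, text in favorites.items():
        url = shortcut_url(text)
        finding = check_bookmark(url) if url else None
        if finding:
            findings[name] = finding
    return findings

if __name__ == "__main__":
    for name, f in scan(SAMPLE_FAVORITES).items():
        level = "SUSPICIOUS" if f["control_char"] else "review"
        print(f"{level}: {name} shows {f['displayed_as']!r} but goes to {f['real_host']}")
```

A shortcut with plain credentials before the `@` (the FTP sample) is reported for review only; the control byte is what separates it from the spoofed entry.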
January 10th, 2004, 05:43 AM
You might wanna take a look and read this article:
Coopting a Browser: Setiri
It kinda sounds like what you are talking about even though this is for trojans.
January 10th, 2004, 06:10 AM
I tried to add a poll shortly after posting, but you can't seem to add one after posting...