Dark side of bookmarks
22:49 31.10.2009This is English version of my Dark side of bookmarks article.
There is such useful functionality in browsers as bookmarks. This menu in IE called Favorites, and in other browsers called Bookmarks. At first sight this functionality doesn’t betoken any problems with security for users of the browsers, but it’s not so. There are several attacks, which can be conducted via bookmarks. I planned to tell about it already in 2008 and I’d tell you about it in my article “Dark side of bookmarks”.
Attacks via bookmarks.
There are possible next attacks via bookmarks:
1. Spam.
2. Phishing.
3. Malware spreading.
4. DoS attacks.
Bookmarks create conditions for conducting of persistent attacks, because bookmarks are saving at computers of the users. So every of above-mentioned attacks is persistent attack, which can trigger in any time, when user will choose bookmark in his browser.
Methods of conducting of attacks.
The next methods can be used for spreading of malicious bookmarks:
1. Social engineering: inscriptions “Press Ctrl-D” at the sites under control of offenders (where code for redirection or other code is placed, which will trigger on next visit of the site).
2. Hacking of the sites and changing of codes in links “Add to Favorites” to malicious codes, or putting of such links at the sites under control of offenders.
3. Using of viruses, which add bookmarks into victim’s browser.
4. Using of viruses for changing of existent bookmarks to malicious ones in victim’s browser.
5. Using of attacks with active (looped) proposition to add to bookmarks (in modern browsers), so as to let victim to accidentally add to bookmarks (or to force her to add to bookmarks).
Spam.
Bookmarks on advertising sites can be put into Bookmarks (Favorites). So bookmarks can be used for spam spreading.
Phishing.
Just as in case of spam, bookmarks can be used for phishing. But in this case, besides putting of bookmarks via methods 1, 2 and 5, the most effective will be methods 3 and 4. So as to let victim to click on bookmark, which must lead to the site of her bank, but in result proceed to phishing site.
Malware spreading.
Attack will be conducting via bookmark on exploit for browser. Which will execute malicious code in browser of the user, after click on bookmark, and will install virus at his computer.
DoS attacks.
Attack will be conducting via bookmark on DoS exploit. After click on bookmark by the user, his browser will crash or freeze.
Mechanism of bookmarks also can be used by itself for conducting of DoS attacks on browsers. This attack I called DoS via bookmarks. Firefox 3 and previous versions, Internet Explorer 6, Internet Explorer 7 and Opera 9 and previous versions are vulnerable to it.
Conclusions.
Attacks via bookmarks are completely real and dangerous. So users of the browsers must be careful in Internet and don’t add anything in bookmarks. And don’t click on unknown bookmarks in own browser.