All about Google Chrome & Google Chrome OS

21 May 12 Cross-browser worm spreads via Facebook, security experts warn

IDG News Service - Malware writers have used Crossrider, a cross-browser extension development framework, to build a click-fraud worm that spreads on Facebook, security researchers from antivirus firm Kaspersky Lab said on Monday.

Crossrider is a legitimate Javascript framework that implements a unified API (application programming interface) for building Mozilla Firefox, Google Chrome and Internet Explorer extensions.

The API allows developers to write code that will run inside different browsers and, by extension, on different OSes. The framework is still in beta testing and its creators plan on adding support for Safari soon.

“It is quite rare to analyze a malicious file written in the form of a cross-platform browser plugin. It is, however, even rarer to come across plugins created using cross-browser engines,” said Kaspersky Lab malware expert Sergey Golovanov in a blog post Monday.

The new piece of malware is called LilyJade and is being sold on underground forums for $1,000. Its creator claims that it can infect browsers running on Linux or Mac systems and that since it doesn’t have any executable files, no antivirus program is designed to look for it.

The malware’s purpose appears to be click fraud. It is capable of spoofing rogue advertisement modules on Yahoo, YouTube, Bing/MSN, AOL, Google and Facebook, Golovanov said. When users view or click on these ads, the malware’s creators earn money through affiliate programs.

In order to spread, the malware leverages its control over infected browsers to piggyback on active Facebook sessions and send spam messages on behalf of authenticated Facebook users.

The links included in LilyJade’s Facebook spam messages direct users to compromised websites that load the Nuclear Pack exploit kit into a hidden iframe, Golovanov said.

Exploit kits like Nuclear Pack attempt to exploit vulnerabilities in outdated software — usually browser plug-ins like Java, Flash Player or Adobe Reader — in order to infect computers with malware.

The concept of malware running inside the browser as an extension is not new, but it seems to be increasingly popular with malware writers. Last week, the Wikimedia Foundation warned users that seeing commercial ads on Wikipedia is most likely the result of their browsers being infected with malicious extensions.

Social networking worms also appear to be making a comeback. On Friday, Symantec reported about a new variant of a worm called W32.Wergimog, which spreads by sending spam messages on Facebook, Hi5, Hyves, Linkedin, MySpace, Omegle and Twitter.

On Thursday, researchers from Trend Micro reported about a different worm that spreads through several social networks and instant messaging applications.

Article source:

Tags: , , , , ,

10 May 12 Apple patches Safari, blocks outdated Flash Player

Computerworld -

Apple on Wednesday patched four security vulnerabilities in Safari and blocked outdated versions of Adobe’s Flash Player from running in its browser.

The Flash blocking move was similar to one Apple made last month when it stopped the Java plug-in from launching automatically.

Safari 5.1.7, which runs on OS X 10.6 and 10.7 — Snow Leopard and Lion, respectively — as well as on Windows XP, Vista and Windows 7, was released alongside another update for Lion that included a slightly-older version of the browser. Lion users must download and install both updates to push Safari to version 5.1.7.

The four security flaws fixed were the same ones patched Tuesday in iOS 5.1.1 for the iPhone, iPad and iPod Touch. All were labeled as bugs in WebKit, the open-source rendering engine that powers Safari as well as Google’s Chrome.

In fact, one of the vulnerabilities was first revealed by a researcher at the “Pwnium” hacking contest Google hosted last March. The researcher, Sergey Glazunov, was awarded $60,000 for pairing the flaw with another bug to bring down Chrome.

Glazunov was credited by Apple with reporting a second WebKit vulnerability, while another was attributed to a pair of engineers on the Chrome security team.

Along with the four patches, Apple also yanked Adobe’s Flash Player from Safari if the plug-in was older than version, which released in November 2010. Since then, Adobe has shipped Flash Player 11 for the Mac. It has also continued to maintain the older version 10, which now stands at version

“This update disables Adobe Flash Player if it is older than by moving its files to a new directory,” Apple’s advisory stated Wednesday. “This update presents the option to install an updated version of Flash Player from the Adobe website.”

Apple stopped bundling Flash Player with OS X in the fall of 2010, but users have been free to download and install the plug-in on their own. Microsoft last distributed Flash with the nearly-11-year-old Windows XP. Neither Windows Vista or Windows 7 included a preinstalled version of Adobe’s software.

Blocking Flash was the second such move by Apple in a month: On April 12, the company issued an OS X update that disabled automatic execution of Java applets by the Java browser plug-in. Apple took the step because of Flashback, a malware family that used a Java vulnerability to infect hundreds of thousands of Macs in a spree that still continues.

“As a security hardening measure, the Java browser plug-in and Java Web Start are deactivated if they are unused for 35 days,” Apple said at the time.

Java Web Start is an Oracle technology that lets users single-click launch a Java app from within a browser without first downloading the app to the machine.

And Apple wasn’t the only browser maker to recently block Adobe software. On Friday, Mozilla added the Adobe Reader plug-in to its Firefox blocklist, citing compatibility problems that resulted in blank pages appearing when users clicked on a link to a PDF document.

Mozilla maintains a blocklist for extensions or plug-ins that cause significant security or performance issues in Firefox. The browser automatically queries the blocklist and notifies users before disabling the targeted plug-in.

According to Mozilla, it’s working with Adobe on a fix to Reader but will keep the plug-in on its blocklist until one is available.

Safari 5.1.7 can be downloaded from Apple’s website. Mac users will be notified of the new version automatically by OS X’s Software Update, while Windows users already running Safari will be alerted by a separate tool bundled with the browser.

covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg’s RSS feed Keizer RSS. His email address is

See more by Gregg Keizer on

  • Apple patches Safari, blocks outdated Flash Player
  • Is Apple’s OS X Mountain Lion on early-release track?
  • Half of all Macs will lack access to security updates by summer
  • Flashback gang could be making $10K a day off infected Macs
  • Snow Leopard users most prone to Flashback infection
  • Does the iPad cannibalize Apple’s laptops?
  • New iPad owners pay big ‘halo’ dividends for Apple
  • Why is Apple CEO slamming laptop/tablet hybrids?
  • Macs contribute record-low 13% to Apple’s revenue
  • Update: Apple’s WWDC sells out in 2 hours

More in Apple Update

Read more about Mac OS in Computerworld’s Mac OS Topic Center.

Article source:

Tags: , , , , ,