New malware detects browser, shows fake malware warning page

Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before. 

Beyond the warning pages, the actual malware looks like the real deal: it allows you to scan files, tells you when you're behind on your updates, and enables you to change your security and privacy settings. Performing a scan results in the product finding malicious files, but of course it cannot delete them unless you update, which requires paying for the full version. Attempting to buy the product will open an HTML window that provides a useless "Safe Browsing Mode" with high-strength encryption. To top it all off, the rogue antivirus webpage looks awfully similar to the Microsoft Security Essentials webpage; even the awards received by MSE and a link to the Microsoft Malware Protection Center have been copied.

Read the comments on this post

Chrome August’s big winner as Internet Explorer resumes slide

As browser competition continues to heat up, 2010 looks like the year when the market was repeatedly disrupted. Internet Explorer has not managed to gain share for a third month in a row. Firefox is leveling out while Chrome and Safari continue to grow. Opera? It's hanging on to relevance.

Between July and August, Internet Explorer dropped 0.34 percent, a drop smaller than June's or July's gain. Firefox, meanwhile, went up 0.02 percent, Chrome gained 0.36 percent, Safari was up 0.07, and Opera dipped 0.08 percent.

IE looks stuck around the 60 percent mark for the time being. At least it's still above its lowest point (59.69 percent) with its best chance of market share gains in the short term coming with the IE9 beta, and the back-to-school season.

The importance of being the default browser in the world's most popular operating system continues to help IE. Microsoft browsers are being used by more than 6 out of 10 people and IE8 is being used by more than one in four on the Web (quickly closing in on one in three)—it is now at 27.90 percent (over 30 percent if Compatibility Mode is included). Unfortunately for Web developers everywhere, IE6 continues to be more popular than IE7, though this month it declined more than its successor. IE6's share can be attributed to businesses still using customized intranet applications, and XP's much bigger installed base than Vista's (especially in developing countries).

If we take a look at the last 12 months, the stabilization of IE is really obvious. Firefox, meanwhile, remains far away from what may be the unreachable 25 percent mark, having lost all the share it gained in the last year. Its market share is actually lower than it was a year ago. Chrome's progress is very noticeable in the chart above, though it seems to have found resistance at the 7 percent mark. Safari's gains are at about 1 percentage point, while Opera's are almost insignificant.

As always, things at Ars are very different. There was no place-changing this time: Firefox continues to dominate, Chrome is second, Safari is third, IE is fourth, and Opera brings up the rear. Last month, Firefox gained share, as did Chrome and Opera. The first-party browsers, Safari and IE, both dropped.

Read the comments on this post

IE gains market share at the expense of Firefox, Chrome

Now that we're past the halfway point of 2010, it's starting to become apparent that the browser trends we've noted over the past several months are no longer holding. Sure, Safari and Opera are still slowly gaining share, but the three big guys are restless. Firefox has started declining, Chrome's growth spurt seems to have been put on hold, and Internet Explorer experienced gains for the second month in a row.

Read the comments on this post

Vendor inaction leads researcher to disclose Safari, IE flaw

If you use the autocomplete features in Safari, certain versions of IE, Firefox, or Chrome, you could be making yourself vulnerable to identity theft and other attacks, according to one security researcher scheduled to speak at the Black Hat conference next week. WhiteHat Security CTO Jeremiah Grossman says that the four major browsers have critical weaknesses that have yet to be addressed by their respective companies, and could expose users' passwords, e-mail addresses, and more to attackers.

Grossman plans to demo a proof-of-concept attack at next week's conference. As most of us know, if you have autocomplete turned on in many browsers, you just have to begin typing a letter or two in one of the fields before they all fill in with your name and address, possibly your credit card number, and more. Grossman says attackers can simply create a page with hidden form fields that use JavaScript to enter letters and numbers into each field until it finds one that's a hit, and the browser autocompletes it.

Users don't even have to enter a single letter for the attack to work—all they have to do is load the page, and they likely wouldn't even be aware of what's happening.

According to Grossman, the autocomplete exploit works in the two most recent versions of Safari (4 and 5), as well as IE 6 and 7. Firefox and Chrome aren't susceptible to this particular attack, though they were vulnerable to another one: Grossman says that the two browsers can expose stored usernames and passwords for saved sites, making it possible for a cross-site scripting vulnerability to grab the info when a user logs into a Google account or Facebook, for example.

The reason he plans to expose these vulnerabilities at Black Hat is because the companies in question have apparently not responded to Grossman's attempts to contact them about it. "I would never have talked about this publicly if Apple had taken this seriously," Grossman told The Register. "I figured somebody else must have found this before because it's so brain-dead simple.” When he sent a follow-up query “I never heard anything back, human or robotic."

Read the comments on this post

Next Page »