
web based malware vectors.

Yesterday I had a visit from a childhood friend. During the visit I wanted to give him an idea of why Flash-based web chat services can be inefficient for large numbers of simultaneous users while chatting. Before I could get into my example, the Userplane chat room I entered sent the following message:


It says "Warning! Your PC is at risk of virus and malware attack. Your system requires immediate check! System security will perform a quick and free scan of your PC for viruses and malicious programs." followed by an ok button as shown. Well, my years of using computers and warning people of the dangers of trojan-horse-like messages from web pages prompting users to run scans quickly told me this was a false message provided by some script embedded into the Userplane room I was in, and triggered by my attempt to send a message into the room. This is really bad news for Userplane, as it means the public rooms on its service have been compromised by malicious code creators and are being used as a vector for attack.

Knowing what usually happens if one presses the 'ok' button shown above, I immediately made my way for the "x" to close the window, and that was followed by a new message over the old one as shown below:

Double the fun! This message attempts to admonish the user against closing the window without running the supposed "cleansing" scan. Of course, it is simply the malware trying to get you to click one of its buttons so that you can be redirected to whatever page, or initiate the download of whatever malware, it really wants you to see. Since I could not close the window (and Firefox has no method for terminating specific subwindows), I had to close Firefox by using the Windows process tree to kill the process. This is a very ominous attack vector that tries really hard to get you to press its buttons and download the supposed cleaning software. I'd imagine most of the people who use Userplane for casual chatting have no idea of the possibility of a malware script being embedded in the chat room page.

This makes such chat rooms significantly more dangerous than chat rooms accessed from standalone chat clients like Yahoo Messenger or MSN Messenger, which, lacking control of the actual UI through embedded scripts (though they used to be rampant 10 years ago), are no longer able to send false messages that look like standard Windows prompts. I was curious to see if there was anything about this attack vector on Google, so I searched "userplane chat malware" and found the following SiteAdvisor summary of the site.

http://www.siteadvisor.com/sites/userplane.com/summary/

The user comment by "art" posted on 3/30/2006 indicates that a Userplane advertisement from "ErrorSafe" seems to prompt messages to install its software. I don't know if the messages I captured are from ErrorSafe, but judging by the way they completely interrupted the chat experience, I doubt Userplane would allow code in the advertisements that interrupts the user's experience so completely. However, who knows... AOL (owner of Userplane) is pretty hard up for advertising revenue with their recent troubles.
