Yesterday I had a visit by a childhood friend, during the visit I wanted to give him an idea of why Flash based web chat services can be inefficient for large number of simultaneous users while chatting. Before I could get into my example, the Userplane chat room I entered sent the following message:
It says "Warning! Your PC is at risk of virus and malware attack. Your system requires immediate check! System security will perform a quick and free scan of your PC for viruses and malicious programs." followed by an ok button as shown. Well , my years using computers and warning people of the dangers of trojan horse like messages from web pages prompting users to run scans, quickly told me this was a false message provided by some script embedded into the Userplane room I was in, and triggered by my attempt to send a message into the room. This is really bad news for Userplane, as it means the public rooms on its service have been compromised by malicious code creators and is being used as a vector for attack. Knowing what usually happens if one is to press the 'ok' button shown above, I immediately made my way for the "x" to close the window, and that was followed by a new message over the old one as shown below:
Double the fun! This message attempts to admonish the User against closing the window without running the supposed "cleansing" scan. Of course, it is simply the malware trying to get you to click one of its buttons so that you can be redirected to what ever page, or initiate the download of whatever malware it really wants you to see. Since I could not close the window (and firefox has no method for terminating specific subwindows) I had to close Firefox by using the windows process tree to kill the process. This is a very ominous attack vector, that tries really hard to get you to press it's buttons and download the supposed cleaning software. I'd imagine most of the people who use Userplane for casual chatting have no idea of the possibility of a malware script being embedded in the chat room page. This makes such chatrooms significantly more dangerous than chat rooms accessed from stand alone chat clients like Yahoo messenger or MSN Messenger, which lacking control of the actual UI though embedded scripts (though they used to be rampant 10 years ago) are no longer able to send false messages that appear to look like standard windows prompts. I was curious to see if there was anything about this attack vector on google and searched "userplane chat malware" I found the following siteadvisor summary of the site.
http://www.siteadvisor.com/sites/userplane.com/summary/
The user comment by "art" posted on 3/30/2006 indicates that a Userplane advertisement from "ErrorSafe" seems to prompt messages to install its software. I don't know if the messages I captured are from Errorsafe, but judging by the way they completely interrupted the chat experience , I doubt Userplane would allow code in the advertisements that interrupts the users experience so completely. However, who knows...AOL (owner of Userplane) is pretty hard up for advertising revenue with their recent troubles.
It says "Warning! Your PC is at risk of virus and malware attack. Your system requires immediate check! System security will perform a quick and free scan of your PC for viruses and malicious programs." followed by an ok button as shown. Well , my years using computers and warning people of the dangers of trojan horse like messages from web pages prompting users to run scans, quickly told me this was a false message provided by some script embedded into the Userplane room I was in, and triggered by my attempt to send a message into the room. This is really bad news for Userplane, as it means the public rooms on its service have been compromised by malicious code creators and is being used as a vector for attack. Knowing what usually happens if one is to press the 'ok' button shown above, I immediately made my way for the "x" to close the window, and that was followed by a new message over the old one as shown below:
Double the fun! This message attempts to admonish the User against closing the window without running the supposed "cleansing" scan. Of course, it is simply the malware trying to get you to click one of its buttons so that you can be redirected to what ever page, or initiate the download of whatever malware it really wants you to see. Since I could not close the window (and firefox has no method for terminating specific subwindows) I had to close Firefox by using the windows process tree to kill the process. This is a very ominous attack vector, that tries really hard to get you to press it's buttons and download the supposed cleaning software. I'd imagine most of the people who use Userplane for casual chatting have no idea of the possibility of a malware script being embedded in the chat room page. This makes such chatrooms significantly more dangerous than chat rooms accessed from stand alone chat clients like Yahoo messenger or MSN Messenger, which lacking control of the actual UI though embedded scripts (though they used to be rampant 10 years ago) are no longer able to send false messages that appear to look like standard windows prompts. I was curious to see if there was anything about this attack vector on google and searched "userplane chat malware" I found the following siteadvisor summary of the site.http://www.siteadvisor.com/sites/userplane.com/summary/
The user comment by "art" posted on 3/30/2006 indicates that a Userplane advertisement from "ErrorSafe" seems to prompt messages to install its software. I don't know if the messages I captured are from Errorsafe, but judging by the way they completely interrupted the chat experience , I doubt Userplane would allow code in the advertisements that interrupts the users experience so completely. However, who knows...AOL (owner of Userplane) is pretty hard up for advertising revenue with their recent troubles.
Comments