Malware Can Spread Through Software Updates
>> Sunday, September 06, 2009
We have seen exploits in plug ins & apps are helping hackers to find vulnerabilities & intrude inside a secured system or a network, I came across the news from cnet.com which says that two researchers from Israeli security firm Radware have found out a way which gives access to a computer by updating any software mostly affects the Skype & other applications.
This is terrible, It raises a question that we should download an update or not ? according to these two geeks named Itzik Kotler and Tomer Bitton more than hundred applications can be targeted from cnet.com downloads, which is one of the most trusted downloading site for all Internet users.
The tool is named as ippon (Means ‘Game Over’ in the game of Judo), It gives 3d View pf user who is trying to connect to the update server.
It scans the local Wi-Fi Network & checks whether any victim is trying to check updates through HTTP requests, it detects the victim & try to reply before the update server & gains command over the updates.
According to the makers the Microsoft browser is not vulnerable to this Malware attack as it uses digital signature to check for update. And they are yet to test Firefox & other major browsers which could possibly go under this Malware threat. What is more important that they have shown a security companies another hole to secure for.
Software basically sends message that ‘Updates are available’, when user accepts request they send infected piece of code to that Vitim, which gives them command over any PC.
So folks, think twice before using a public wi-fi (specially the unsecured one)