Comments on: Browser Rootkits

By: Detection and Removal of Rootkits!

Detection and Removal of Rootkits! — Thu, 25 Feb 2010 07:22:51 +0000

[...] Browser Rootkits [...]

By: Harder, Better, Faster, Stronger - The Malware | GNUCITIZEN

Harder, Better, Faster, Stronger - The Malware | GNUCITIZEN — Sat, 22 Nov 2008 18:49:11 +0000

[...] blogged about these stuff before, but my question still remains. What if the malware does not persist on [...]

By: shabnam

shabnam — Sat, 15 Mar 2008 19:39:35 +0000

Great! thanks :)

By: Sicurezza, ICT ed altro » Blog Archive » Browser rootkits

Sicurezza, ICT ed altro » Blog Archive » Browser rootkits — Thu, 01 Nov 2007 16:16:35 +0000

[...] post ben scritto che mette ancora una volta in evidenza la criticità dei browser, che qui vengono [...]

By: 艾克索夫實驗室 » RE:RE: Browser Rootkits

艾克索夫實驗室 » RE:RE: Browser Rootkits — Mon, 29 Oct 2007 16:25:08 +0000

[...] “Browser Rootkits” 作為關鍵字, 可以在 Google 裡面找到一篇 Protect your browser: Browser rootkits, Virtual appliances and Network Admission Control , 裡面提到的幾個觀念, 和我的想法不謀而合. [...]

By: 艾克索夫實驗室 » RE: Browser Rootkits

艾克索夫實驗室 » RE: Browser Rootkits — Thu, 25 Oct 2007 06:06:55 +0000

[...] 發了一篇文章介紹了 Browser Rootkits; Joanna 的回應是Thoughts On Browser [...]

By: hackathology

hackathology — Thu, 18 Oct 2007 13:33:14 +0000

Great article pdp

By: Gustavo Bittencourt

Gustavo Bittencourt — Thu, 18 Oct 2007 02:35:44 +0000

This article is really interesting. With its inspiration, I wrote an article about Browser Botnets: http://english.gustavobittenco.....tnets.html

Thank you
Gustavo Bittencourt

By: Inseguridad a nivel del navegador | Share the information

Inseguridad a nivel del navegador | Share the information — Wed, 17 Oct 2007 23:56:44 +0000

[...] a colación este tema gracias a un artículo de dpd colocado el día de ayer en Gnucitizen llamado Browsers Rootkits y quice hablar del tema dado que realmente la seguridad muchas veces no es tan detallista como se [...]

By: Liquidmatrix Security Digest » Security Briefing: October 17th

Liquidmatrix Security Digest » Security Briefing: October 17th — Wed, 17 Oct 2007 10:38:03 +0000

[...] Browser Rootkits [...]

By: pdp

pdp — Tue, 16 Oct 2007 22:06:10 +0000

Hugh, unfortunately that cannot be done on our side, but you can easily modify your browser settings to server your needs.

By: Hugh Mungus

Hugh Mungus — Tue, 16 Oct 2007 21:33:21 +0000

I wonder if it might be possible to make the text font color a shade darker. That way, it will be impossible to read your blog at all.

By: Chris

Chris — Tue, 16 Oct 2007 16:11:14 +0000

I look forward to seeing some of this talk put into action.

By: Web Tarayıcıları için Rootkit « eren@home ~ $

Web Tarayıcıları için Rootkit « eren@home ~ $ — Tue, 16 Oct 2007 15:17:13 +0000

[...] Tarayıcıları için Rootkit 16 10 2007 Petko D. Petkov blogunda yayınladığı yazı insanı bu konuda gerçekten düşündürmeye yöneltiyor. Üzgünüm ki metnin tamamını [...]

By: Sp0oKeR

Sp0oKeR — Tue, 16 Oct 2007 13:49:35 +0000

I think metafisher is kind of that already . It’s for IE and use Hel Objects if I’m not wrong.
Nice post.

Regards,

Sp0oKeR

By: pdp

pdp — Tue, 16 Oct 2007 13:26:05 +0000

can I ping you privately? or you can ping me privately with the information provided on the contact page. cheers :)

By: fazed

fazed — Tue, 16 Oct 2007 13:19:36 +0000

Nice write up, I agree that they will become more common place in the future. You could combine it with a browser exploit for your point of access and drop A exe which overwrites the browser.jar file with your own code. sorry if thats a bit off-topic. would you be interested in giving a talk about it on the upcomming darkstar e-conference?

-fazed

By: pdp

pdp — Tue, 16 Oct 2007 12:41:28 +0000

Jipe, you are right… the hidden field only works if you install the extension globally but as you suggested it is trivial to overlay the addons windows and as such remove the presence of the extension from the list.

By: Jipe

Jipe — Tue, 16 Oct 2007 12:06:29 +0000

Regarding the hidden capabilities of firefox extensions.

The hidden field of the install manifest only works for extensions installed in a restricted access area (so it does not work for add-ons installed in the profile).

However, as an extension extends the browser it will be trivial to it to remove itself from the extension list (just browse the list and remove the one which match the extension name)…