JavaScript Botnet Sheds Light On Criminal Activity

Published: 22/11/2024   Category: security




A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals



BLACK HAT USA 2012 -- Las Vegas -- Two researchers from Madrid-based security consultancy Informatica64 used a JavaScript Trojan horse to take control of computers using an untrusted proxy, gaining intelligence on a variety of underground criminal activity, from Nigerian spammers to dating-site scammers to Web-site defacers.
In a presentation at the Black Hat security conference on Wednesday, security consultant Chema Alonso demonstrated a legally questionable technique to eavesdrop on the activities of people, or create a botnet, by replacing cached JavaScript with an attacker's copy. To inject the JavaScript file into a victim's browser, Alonso and a colleague set up an anonymous proxy server and then published its Internet address on a proxy forum.
In a single day, more than 4,000 computers had connected to the proxy server and had the poisoned JavaScript file in their browser caches. Using the JavaScript Trojan horse, the group started collecting cookies and Web site credentials.
"In one day, we were able to get over 4,000 bots -- in one day," Alonso said. "No pay-per-install, no paying anyone to create the exploit."
The researchers found a variety of low-level criminals using their proxy server: fraudsters posing as British immigration officials offering work permits in hopes of stealing money and sensitive documents from their victims; a man pretending to be a pretty woman on a number of dating sites to con victims into sending money for a plane ticket; and another fraudster selling nonexistent Yorkshire Terriers.
[Using JavaScript and cross-site request forgery, two researchers plan to show it's possible to attack routers leveraging computers on the internal network. See Advanced JavaScript Attack Threatens SOHO Routers.]
While other man-in-the-middle attacks could capture data communicated in the clear, by using JavaScript the security researchers could gain access to data that would otherwise be encrypted using the secure sockets layer (SSL) protocol.
The technique could be used to target specific Web sites by gathering information on the JavaScript files on the targeted site. By replacing one of the JavaScript files with a malicious version via the proxy server, the attacker can tailor attacks for specific sites, he said.
Alonso acknowledges that the technique may be legally questionable. While he published a privacy warning and legal disclaimer on the proxy site, he said you have to be careful where you set up the proxy server.
"It is better to search for servers in countries without law," he said.
It is very likely that companies and governments are already using this technique to eavesdrop on criminal activity, Alonso said.
"If we were able to collect that amount of data in only one day doing nothing, two small JavaScript files, how many governments are doing the same on the Internet? How many intelligence agencies are doing the same on the Internet?"
Alonso recommended that anyone using anonymous proxies or even the Tor network only use servers that they trust. In addition, privacy-sensitive people should regularly clear the browser cache. "The cache is not your friend," he said.
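
For site operators, one way to detect the script substitution described above is a Subresource Integrity (SRI) style hash check, a mitigation the article itself does not mention. The Node.js sketch below is an added example, not code from the article or from Informatica64; the function names and both sample scripts are constructed. It assumes the known-good copy and the pinned integrity value come from a trusted path (for example, a page delivered over intact HTTPS), since a proxy that can rewrite the page can also rewrite the pin.

```javascript
// Added example: SRI-style verification of a script body against pinned hashes.
const { createHash } = require('crypto');

// Hash algorithms SRI allows, ordered weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build an integrity value ("sha384-<base64 digest>") from known-good bytes.
function sriFor(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Parse an integrity attribute: whitespace-separated "<alg>-<base64>" tokens.
// Tokens with unknown algorithms or malformed digests are dropped.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((token) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)(\?.*)?$/.exec(token);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// True only if the body matches a digest of the strongest algorithm listed.
// A weaker hash that happens to match cannot override a stronger mismatch.
function verifyScript(body, integrityAttr) {
  const entries = parseIntegrity(integrityAttr);
  if (entries.length === 0) return false; // policy of this example: no usable pin, reject
  const best = entries.reduce((a, e) =>
    (STRENGTH.indexOf(e.alg) > STRENGTH.indexOf(a.alg) ? e : a)).alg;
  const actual = createHash(best).update(body).digest('base64');
  return entries.some((e) => e.alg === best && e.digest === actual);
}

// Constructed sample data: a known-good script, and the same script as
// returned by a rewriting proxy with extra bytes appended.
const KNOWN_GOOD = Buffer.from('function track(){ return 1; }\n');
const VIA_PROXY = Buffer.concat([KNOWN_GOOD, Buffer.from('/* appended by proxy */\n')]);
const PINNED = `${sriFor(KNOWN_GOOD, 'sha256')} ${sriFor(KNOWN_GOOD, 'sha384')}`;

function demo() {
  return {
    clean: verifyScript(KNOWN_GOOD, PINNED),
    tampered: verifyScript(VIA_PROXY, PINNED),
  };
}

console.log(demo());
```

In a browser the same pin is expressed as the `integrity` attribute on a `<script>` element, and a mismatching file is refused before it runs or is reused from cache.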