Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Malicious browser extensions pose a serious threat and defenses are...

26 Sep 2013   #1
Night Hawk

W7 Ultimate x64, W10 Pro x64 dual boot - Second remote tower W7 Pro x64
Malicious browser extensions pose a serious threat and defenses are...

Malicious browser extensions pose a serious threat and defenses are lacking

Many security products offer inadequate protection against malicious browser extensions, a researcher has found

By Lucian Constantin
September 26, 2013 08:44 AM ET

DG News Service - The number of malicious browser extensions has significantly increased in the past year but many security products fail to offer adequate protection against them, while others are simply not designed to do so, according to a security researcher.

Attackers have already used such extensions to perform click fraud by inserting rogue advertisements into websites or by hijacking search queries, but research has shown that this type of malware has the potential to cause much more damage.

Last year Zoltan Balazs, an IT security consultant with professional services firm Deloitte in Hungary, created a proof-of-concept malicious extension that could be controlled remotely by an attacker and could steal authentication credentials, hijack accounts, modify locally displayed Web pages, take screenshots through the computer's webcam, bypass two-factor authentication systems and even download and execute malicious files on a victim's computer.

And last week the European Union Agency for Network and Information Security (ENISA) warned in its midyear report: "An increase in malicious browser extensions has been registered, aimed at taking over social network accounts."

Earlier this year Balazs investigated how various security products protect users against malicious browser extensions and presented his findings at the OHM2013 security conference near Amsterdam in August. He performed tests against browser security extensions, sandboxing software, Internet security suites, anti-keylogging applications and financial fraud prevention programs recommended by some banks.
see four page report

My System SpecsSystem Spec

01 Oct 2013   #2
x BlueRobot


SEO Attacks can be avoided by directly typing the URL into the address bar of your browser
My System SpecsSystem Spec
01 Oct 2013   #3
Night Hawk

W7 Ultimate x64, W10 Pro x64 dual boot - Second remote tower W7 Pro x64

Often if I don't have a site in the browser's history especially when looking up a new site for a vendor perhaps I will simply type the site's name with the dot com included and find the home page to start from there. Another thing that works out well here however is having an effective web filtering included in the av program which will block out sites where any suspicious coding is detected over over programs that lack and you end up getting smeared by something.
My System SpecsSystem Spec

02 Oct 2013   #4
x BlueRobot


I've been warned by Firefox (or was it Opera?), that a website seemed to be suspicious.
My System SpecsSystem Spec
02 Oct 2013   #5
Layback Bear

Windows 7 Pro. 64/SP-1

These bad extensions are created so fast its hard for security people to keep up with them.
For me the best thing is running a anti virus program along with Malwarebytes Anti Malware Professional. It dose block sites and gives me a warning. I do not go to sites I get a warning.
I don't keep passwords on my computer. Certainly not a master password. I keep my password on a Rolodex and you would have to kill me to get it. At that point I don't need them anymore.
I do wonder about keyloggers but I really don't know what else to do about them.
My System SpecsSystem Spec
02 Oct 2013   #6
Night Hawk

W7 Ultimate x64, W10 Pro x64 dual boot - Second remote tower W7 Pro x64

I no longer have too much worry about bad sites and hidden bugs using VIPRE Internet Security 2013. The not resource hungry program rolls up a number of protections not requiring any other program be used unlike other av programs that continue to miss things. This one includes it's firewall as well as filtering function that simply blocks suspicious as well as known to bad sites before you get hit with something.

Before someone made the recommendation a few years back I had been running 3 or 4 programs trying to fill the gaps when using other av programs that lacked what this one offers. Once I started more research as well as looking up support sites for things I started running into a larger need for a regular paid software that works. It's already been put to the test on a number of occasions along with finding bugs hidden in old XP downloads I still kept on the storage when simply opening the folder they were in on two separate occasions.

Nothing is ever 100% however since the av program can only go so far! If you click on something you see it may turn out to be something other then it appears to be. Scam wares are generally more cleverly disguised to get you to buy some program that doesn't even exist! I had to clean one of those off a 7 laptop one occasion and alerted the software company's support staff which replied by advising the use of the VIPRE Rescue Program as one option. Virus Definitions and Removal Tools

GFI(Formerly Sunbelt Software) Software offers another FakeRean removal tool as well for seeing bugs burned off of your drive but not addons you pick out yourself with uninvited guests attached in that sense as far as opening things up. The tighter the security the tougher the malware writers get in oder to get past whatever security is in place. Often these bugged addons are thrown with a list of other legit extensions depending on where you find them which can complicate things more.

It can be a catch 22 at times not know if or if not it will be safe to add something when looking at the options each browser has. If you are a bit more savvy you can disable things on the browser itself but then may not be able to log in at some place or use some online type app.
My System SpecsSystem Spec

 Malicious browser extensions pose a serious threat and defenses are...

Thread Tools

Similar help and support threads
Thread Forum
Researchers find malicious extensions in Chrome Web Store
Source A Guy
Security News
Crypto certificates impersonating Google and Yahoo pose threat...
Crypto certificates impersonating Google and Yahoo pose threat to Windows users Source A Guy
Security News
Chrome Protecting Windows users from malicious extensions
Source: Chromium Blog: Protecting Windows users from malicious extensions
Security News
Malicious Chrome extensions on the rise
Read more at: Malicious Chrome extensions on the rise | ZDNet
Security News
Questions about VPN and browser extensions.
Hi Folks, i recently started using a VPN because i'm on public networks often and i'm confused about the extensions on my browsers, Chrome and Dragon. Does using a VPN negate needing to enable extensions like" https everywhere" and " Zenmate " for Chrome? Thank you for any help you can...
Browsers & Mail
Alert:Threat Type: Malicious Web Site / Malicious Code
Source - Office.Microsoft.Com Search Results Can Lead To Rogue Anti-Virus - Security Labs Alert
Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:16.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App