Web browsers: a history of rogues presented at Virus Bulletin 2011

by Christopher Boyd (Gfi software),

Tags: Security

URL : http://www.virusbtn.com/conference/vb2011/abstracts/Boyd.xml

Summary : "Web browsers are all around us, yet most users probably don't stop to think about them too much. Where browsers are
concerned, most users think of threats as being malicious web pages, drive-by downloads and social engineering. They
give up their trust to these browsers wholeheartedly, allowing them to save passwords, retain browsing habits and much
more besides.
When the web browser itself is a rogue entity - built from the ground up to perform malicious acts - this is a very bad
idea.
What happens when the very tool you share your closest browsing secrets with is intentionally betraying trust with every
click of the mouse?
What happens when your browser intentionally sends you to places that could result in jail time?
This talk will examine the history of the rogue web browser, looking at key examples from 2006 to 2008 along with possible
reasons the 'movement' died out and examples of how the genre has evolved and made a comeback in the last year or two.
Proxy browsers and hacks that turn a legitimate browser rogue will also be examined. Russian forums, email exchanges,
illegal websites, smear campaigns, crime rings, documents from underground servers and adware vendors all feature
heavily.
"