Jeremiah Grossman: De-Anonymize Web Surfers with JS Malware

Monday, September 11, 2006

De-Anonymize Web Surfers with JS Malware

RSnake's research continues with another choice discovery by connecting together various JavaScript Malware hacks. To get the full technical picture you'll have to read several posts, starting with DNS Pinning Just Got Worse and Using CSS to De-Anonymize. This stuff gets complicated really quickly, not sure if I understand it all yet.

The deal here is that JavaScript Malware has access to a browser's DOM and History. We knew that from my ealier JS/CSS History PoC. Once your browser is infected with JavaScript Malware, the attacker makes educated guesses at internal network hostnames common to organizations (http://intranet/) to see if you've been there. And if its not in your history, they'd use iframes and force a user to visit the URL, then re-check the history. Once they have an intranet target, use DNS pinning, and read the website across domains. They now know whom you work for. Rinse repeat and find out more about the victim.

Hack upon hack upon hack.

No comments:

Post a Comment

BIO

Jeremiah Grossman brings 20+ years of experience in Computer Security and has become one of the most recognizable and world-renowned cybersecurity experts in the industry, coining several of the original hacking terms commonly used around the world today. Early in his career, Jeremiah was known as “The Hacker Yahoo” which led to his role as the company’s Information Security Officer. Jeremiah founded WhiteHat Security (now Synopsis), and served as Chief of Security Strategy for SentinelOne which was the highest-valued cybersecurity IPO in history. Most recently, Jeremiah was the founder & CEO of Bit Discovery, which was acquired by Tenable in 2022. He also serves as a company advisor and board member to several tech startups. In his spare time, Jeremiah does Brazilian Jiu-Jitsu and is passionate about classic cars. He recently opened Toybox, a luxury car club in Boise, Idaho.