Zombie Browsers Spiced With Rootkit Extensions

Zoltan Balazs

Thu, 7th February 2013


Speaker Bio 1:
We are delighted to have Zoltan Balazs on Hacker Hotshots. Zoltan is an expert on malware, IPv6, pass-the-hash and especially browser malware. He is a proud member of the gula.sh team, a bronze medalist of the global Cyberlympics 2012, and is employed by Deloitte LLP. Zoltan is also an OSCP, C|HFI, CISSP, CPTS, MCP certified professional.

Zoltan explains that anti-virus programs are not monitoring or auditing browsers effectively, which is a terrible shame because, as he excellently demonstrates, infected browsers can wreak havoc. Case in point: vulnerable browsers and those with malicious browser extensions can also pose a threat to sites with two-factor authentication!

Questions and answers

Henry, Concise Courses:
Which is the safest browser on the market in your opinion, and is there one thing that we can do to protect our browsers from being hijacked?

Zoltan Balazs:
I think that basically Chrome is one of the browsers on the market and right now they are also enforcing the use of their official extension store, so people cannot install extensions from third party sites, which is good because Google can centrally monitor those. Although recent events have shown that cyber criminals were able to upload malicious extensions even to the Chrome Web Store, Google can react to these threats sooner than [other vendors].


Henry, Concise Courses:
Does this demonstrate that ChromeOS is also prone to security vulnerabilities?

Zoltan Balazs:
If the attacker is able to upload a malicious extension to the Chrome Web Store and then convince the user to install this extension, or even if the user is installing in another method machine, it will synchronize all the extensions between all the Chrome browsers, so via that way it is possible to hack ChromeOS in the same way that someone can steal the whole Google account of another user.


Henry, Concise Courses:
Should there be more cooperation between ethical hackers, anti-virus and browser vendors?

Zoltan Balazs:
I am going to say yes. Fortunately, I can say that even Google and Mozilla were searching for me and we are now in contact discussing what can be done with improving security, and I have also contacted a lot of antivirus vendors about these threats and I am suggesting how their product can be made more secure.


Henry, Concise Courses:
What would you suggest to keep our employees' terminals safe – should we use the No Script Addon?

Zoltan Balazs:
I suggest that it is good to limit the browser that employees can install, that’s the first way, and if a company does want to limit [employees’ choice of browser] then I would suggest the new Internet Explorer, which is much safer than previous IE versions. Internet Explorer 10 is a very good and safe browser. From Group Policy one can disable all add-ons in Internet Explorer. My other suggestion would be to use Chrome because it can be managed via Microsoft Group Policy, so the company can decide which extensions can be installed into Chrome and which can be denied.