Using Software Updates to Spread Malware
By CNET Staff Writer Elinor Mills
Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications.
About 100 applications, many among the most popular on CNET's Download.com, can be targeted, said Itzik Kotler, team leader of Radware's security operations center, before his presentation here at the Defcon conference.
Kotler and colleague Tomer Bitton are releasing a tool called Ippon (which means "game over" in Judo) that enables the attack and offers a 3D view of potential victims on a network.
With the tool, an attacker can scan a Wi-Fi network for computers checking for new updates via HTTP (Hyper Text Transport Protocol). If the system detects a computer sending a software update request, the tool replies before the app update server can respond, Kotler said.
Ippon customizes messages for the particular application and sends a message indicating that there is an update available even when the system already has the most recent legitimate update, he said. A malicious file is then downloaded from the attacker's server onto the victim's computer.
The researchers said they had not tested whether Firefox or other major browsers are vulnerable. Microsoft software is not vulnerable because it uses digital signatures in its update process, which all software updates should, Kotler said. People should be careful when using public Wi-Fi networks and avoid doing software updates on them, he said.
"You have to assume when on a public infrastructure that the infrastructure can be attacked," he added.
There is also the possibility that someone could spread an "airborne virus" via software updates that uses victim machines to attack and infect other machines on a network, according to Kotler.
Copyright 2009 CBS. All rights reserved. Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications.
About 100 applications, many among the most popular on CNET's Download.com, can be targeted, said Itzik Kotler, team leader of Radware's security operations center, before his presentation here at the Defcon conference.
Kotler and colleague Tomer Bitton are releasing a tool called Ippon (which means "game over" in Judo) that enables the attack and offers a 3D view of potential victims on a network.
With the tool, an attacker can scan a Wi-Fi network for computers checking for new updates via HTTP (Hyper Text Transport Protocol). If the system detects a computer sending a software update request, the tool replies before the app update server can respond, Kotler said.
Ippon customizes messages for the particular application and sends a message indicating that there is an update available even when the system already has the most recent legitimate update, he said. A malicious file is then downloaded from the attacker's server onto the victim's computer.
The researchers said they had not tested whether Firefox or other major browsers are vulnerable. Microsoft software is not vulnerable because it uses digital signatures in its update process, which all software updates should, Kotler said. People should be careful when using public Wi-Fi networks and avoid doing software updates on them, he said.
"You have to assume when on a public infrastructure that the infrastructure can be attacked," he added.
There is also the possibility that someone could spread an "airborne virus" via software updates that uses victim machines to attack and infect other machines on a network, according to Kotler.
Popular in SciTech
- Microsoft announces Xbox One
- Microsoft's new Xbox: What to expect, where to watch
- Watch: NASA captures Okla. tornado from space Play Video
- Microsoft announces Xbox One 16 Photos
- The 7 weirdest things made by 3D printing
- Power of Okla. tornado surpassed Hiroshima bomb
- NY official: Airbnb stay illegal; host fined $2,400
- Storms that spawned deadly Oklahoma tornadoes seen from space (video)
Otherwise I agree with most of those here who say that you should always be wired :)
These two people and others at the conference are like the Muslim opium trafficers who spread heroin and the blight it causes on law abiding citizens throughout the world. Why aren't they being arrested upon their return to Israel? Their proud to have found a method of hacking into personal computers and causing harm to innocent people?
apparently this went right over your head. the purpose was to make others aware of this security vulnerability so that it can hopefully be fixed in the applications affected by it. the term "hacker" has a lot of bad stigma surrounding it, but you should be aware that there are many hackers out there that provide a great service to the rest of the world without any malicious intentions.
When will people learn?
The American Sheeple.