December « 2010 « The FORWARD project blog

Archive for December, 2010

Popular web sites are stealing browser histories

Tuesday, December 7th, 2010

Some of the most popular web sites are exploiting a flaw to read visitors’ browser histories, according to researchers at the University of California, San Diego. Their study tracked the 50,000 most popular websites and found that 485 sites are exploiting the history-sniffing flaw, and 46 of those sites are actively downloading browser history, including youporn.com, gamesfreak.com, newsmax.com, morningstar.com and espnf1.com.

History sniffing is the name given to the combination of JavaScript and Cascading Style Sheets (CSS) properties that enables sites to figure out where a user has been on the Web, relying on the browser changing the color of the links that the user has visited. The researchers’ findings are published in a new study entitled “An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications.”

According to the researchers, about 18 sites, such as Gamestorrents.com, are using the exploit to analyze a user’s past visits to more than 220 sites. YouPorn.com, an amateur porn site and one of the 100 most visited sites on the Web, analyzes the browsing history for more than 21 sites; it encodes its JavaScript to hide the sites it searches for and decodes it only when used, to cover its tracks.

The widely known vulnerability that these sites exploit exists in all production browser versions except Apple’s Safari, which first detected the threat. Google Chrome and Mozilla Firefox soon followed. Internet Explorer may also defend against this attack if the browser is used in private browsing mode. Production versions of those browsers are still wide open.

The study also detected sites maintained by Microsoft, YouTube, Yahoo and About.com that employ JavaScript to track mouse movements on a page in order to detect what a user does after visiting it.
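A site owner auditing third-party scripts can screen for the pattern described in this post. The following is an added example, not code from the post or from the researchers' study: a static heuristic that flags scripts combining link creation with color reads, and marks run-time-decoded code (like the encoded script mentioned above) as needing dynamic analysis. The signal names, the `classifyScript` function and the sample scripts are all constructed for illustration.

```javascript
// Added example: static heuristic for spotting history-sniffing scripts.
// Signal names and all sample scripts below are constructed for illustration.
const SIGNALS = {
  // Reads an element's rendered (computed) style.
  styleRead: /\bgetComputedStyle\s*\(|\.currentStyle\b/,
  // Reads a color value out of a style object.
  colorRead: /getPropertyValue\s*\(\s*['"]color['"]\s*\)|\.color\b/,
  // Creates anchors or assigns link targets from script.
  linkProbe: /createElement\s*\(\s*['"]a['"]\s*\)|\.href\s*=/i,
  // Builds code at run time, so the real logic is invisible to a static scan.
  dynamicCode: /\beval\s*\(|\bnew\s+Function\s*\(|\bunescape\s*\(|\batob\s*\(/,
};

// Returns a verdict plus the individual signals so a reviewer can see why.
function classifyScript(source) {
  const hits = {};
  for (const [name, re] of Object.entries(SIGNALS)) hits[name] = re.test(source);
  let verdict = "clean";
  if (hits.styleRead && hits.colorRead && hits.linkProbe) {
    verdict = "likely-history-sniffing";
  } else if (hits.dynamicCode) {
    verdict = "needs-dynamic-analysis"; // encoded payload: inspect at run time
  }
  return { verdict, hits };
}

const SAMPLE_SNIFFER = `
  var a = document.createElement('a');
  a.href = 'https://example.com/';
  document.body.appendChild(a);
  var c = window.getComputedStyle(a, null).getPropertyValue('color');
  report(c);
`;
const SAMPLE_ENCODED = `eval(unescape('%76%61%72%20%78%3D%31'));`;
const SAMPLE_LAYOUT = `
  var w = window.getComputedStyle(document.body, null).width;
  document.getElementById('menu').style.display = 'none';
`;

for (const [label, src] of [["sniffer", SAMPLE_SNIFFER],
                            ["encoded", SAMPLE_ENCODED],
                            ["layout", SAMPLE_LAYOUT]]) {
  console.log(label, classifyScript(src).verdict);
}
```

A "likely" verdict is a prompt for manual review, since legitimate theming code can also read link colors; the "needs-dynamic-analysis" verdict exists because a purely static scan cannot see what an encoded script does once decoded.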

The man behind Mega-D botnet arrested

Tuesday, December 7th, 2010

Last week the FBI arrested the man believed to be behind the Mega-D botnet, one of the most renowned botnets, which at one time was thought to be responsible for one third of all spam worldwide. The man is Oleg Nikolaenko, a Russian who was arrested on his most recent visit to the United States of America.

The first clue that Nikolaenko was behind Mega-D came when a fake Rolex dealer, Jody Smith, was arrested. After Jody Smith, the FBI arrested Lance Atkinson, an Australian fake medicine dealer who admitted he paid nearly half a million dollars to a third party known only as “Docent” for spam advertising. It is claimed that Oleg Nikolaenko took millions of dollars from companies looking to advertise fake products such as fake Rolexes. After investigating, agents found that email accounts involved in the payment chain belonged to Nikolaenko. In one of these, Nikolaenko had the necessary command and control files for the Mega-D botnet.

Nikolaenko is believed to have run Mega-D since 2007. Mega-D spam has decreased over the last months and its servers have been found non-responsive, but this is due to the strong interest of researchers and authorities.

Finally, the FBI arrested Nikolaenko at the Specialty Equipment Market Association (SEMA) car exhibition in Las Vegas for offences under the CAN-SPAM Act.