Welcome to 2002 On Tue, Apr 3, 2012 at 10:01 AM, Adam Behnke <[email protected]> wrote: > We all know that hackers are constantly trying to steal private information > by getting into the victim's system, either by exploiting the software > installed in the system or by some other means. By performing routine > updates for their software, consumers can protect themselves, patching known > vulnerabilities and therefore greatly reducing the chance of getting hacked. > > Commonly used software, such as MS Office, Adobe Flash and PDF reader (as > well as the browsers themselves) are the major targets for exploits if left > unpatched. In the past, fake patches for Firefox, IE, etc. displayed > messages informing users that updated versions for a plugin or the browser > were available, prompting the user to update their software. For example, > the page will tell the user that updating their Flash version is critical. > Once the user clicks the fake update, it will download malicious content > (like, for example, the Zeus Trojan) to the victim's computer, as well as > perhaps a rogue anti-virus, asking the user to pay in order to remove the > infections. Similar attacks have been done in the past for various browsers, > too. > > When you think about it, how many people are really cautious about the > updates, the type of update or the link from where they are downloading and > installing the update? Obviously, there are very few people that are really > cautious and vigilant about updates, therefore making the success rates for > those exploiting the users high. > > Read more about how to perform a few different AutoUpdate man-in-the-middle > attacks that work against Java, AppleUpdate, Google Analytics, Skype, > Blackberry and more: http://www.ethicalhacking.com > > > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
