Adware vendors buy Chrome Extensions to send ad- and malware-filled updates

One of the coolest things about Chrome is the silent, automatic updates that ensure users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome's extensions, which are updated by the extension owners. This means that it's up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it.

To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome's update service, which sends the adware out to every user of that extension.

We ought to clarify here that Google isn't explicitly responsible for such unwanted adware, but vendors are exploiting Google's extension system to create a subpar—and possibly dangerous—browsing experience. Ars has contacted Google for comment, but we haven't heard back yet. We'll update this article if we do.
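One check a defender can run against the update path described above, as an added example that is not from the article: compare the manifest of the installed version with the manifest shipped in the update and list any newly requested access. The two manifests are constructed samples; `permissions`, `host_permissions` and `content_scripts[].matches` are standard Chrome manifest keys.

```python
import json

# Host patterns that grant access to every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def access(manifest):
    """Return (api_permissions, host_patterns) requested by a manifest dict."""
    api, hosts = set(), set()
    requested = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    for perm in requested:
        if not isinstance(perm, str):
            continue  # skip non-string entries
        if "://" in perm or perm == "<all_urls>":
            hosts.add(perm)
        else:
            api.add(perm)
    # Content scripts run on their match patterns even without a host permission.
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return api, hosts

def diff_update(old_json, new_json):
    """Report access that the new version requests and the old one did not."""
    old_api, old_hosts = access(json.loads(old_json))
    new_api, new_hosts = access(json.loads(new_json))
    added_hosts = new_hosts - old_hosts
    return {
        "added_api": sorted(new_api - old_api),
        "added_hosts": sorted(added_hosts),
        "broad_host_access_added": bool(added_hosts & BROAD),
    }

# Constructed sample: version 1.2 as installed, version 1.3 as pushed by an update.
OLD = json.dumps({"name": "Feed Helper", "version": "1.2",
                  "permissions": ["storage", "https://feeds.example.com/*"]})
NEW = json.dumps({"name": "Feed Helper", "version": "1.3",
                  "permissions": ["storage", "tabs", "webRequest", "<all_urls>"],
                  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]})

if __name__ == "__main__":
    print(diff_update(OLD, NEW))
```

An update that injects ads without requesting any new access produces an empty diff, so this check complements review of the updated code and does not replace it.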


More of Rackspace’s Bad Security

We previously touched on Rackspace’s bad security when it comes to their clients, but they also don’t feel the need to take a basic security measure with their own website. That basic security measure is keeping the software running on your website up to date. By doing that you prevent your website from being exploited through a known vulnerability in older versions of the software.

Rackspace’s Knowledge Center website is still running Drupal 7.18.

That version is now a year out of date and Rackspace has failed to apply four security updates (7.19, 7.20, 7.24, and 7.26). Each of those security updates came with the notice that “Sites are urged to upgrade immediately after reading the security announcement.” Updating between versions of Drupal 7 is relatively easy, so there isn’t any excuse for them not to have updated it. It also raises the question of whether Rackspace is handling the rest of their security, much of which is not as visible, as poorly as they are with this.

Is your refrigerator really part of a massive spam-sending botnet?

Aurich Lawson

Security researchers have published a report that Ars is having a tough time swallowing, despite considerable effort chewing—a botnet of more than 100,000 smart TVs, home networking routers, and other Internet-connected consumer devices that recently took part in sending 750,000 malicious e-mails over a two-week period.

The "thingbots," as Sunnyvale, California-based Proofpoint dubbed them in a press release issued Thursday, were compromised by exploiting default administration passwords that hadn't been changed and other misconfigurations. A Proofpoint official told Ars the attackers were also able to commandeer devices running older versions of the Linux operating system by exploiting critical software bugs. The 100,000 hacked consumer gadgets were then corralled into a botnet that also included infected PCs, and they were then used in a global campaign involving more than 750,000 spam and phishing messages. The report continued:

The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014 and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide. More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator. No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location – and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use.

The Proofpoint report quickly went viral, with many mainstream news outlets breathlessly reporting the findings. The interest is understandable. The finding of a sophisticated spam network running on 100,000 compromised smart devices is extraordinary, if not unprecedented. And while the engineering effort required to pull off such a feat would be considerable, the botnet Proofpoint describes is possible. After all, many Internet-connected devices run on Linux versions that accept outside connections over telnet, SSH, and Web interfaces.
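The quoted report says no single IP address sent more than 10 messages, which is why per-source blocking struggles. The following added example (not from Proofpoint or Ars) runs a per-IP rate check and a per-campaign grouping over the same constructed mail log. The log format, thresholds and subject-based fingerprint are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed log format: "<timestamp> <source_ip> subject="<text>""
LINE_RE = re.compile(r'^(\S+) (\S+) subject="(.*)"$')

def parse(lines):
    """Yield (source_ip, subject) for each well-formed log line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3)

def fingerprint(subject):
    """Collapse digits so per-recipient numbers do not split one campaign."""
    return re.sub(r"\d+", "#", subject.lower()).strip()

def per_ip_offenders(lines, limit=10):
    """Classic rate limit: sources that sent more than `limit` messages."""
    counts = Counter(ip for ip, _ in parse(lines))
    return sorted(ip for ip, n in counts.items() if n > limit)

def distributed_campaigns(lines, min_sources=20, per_ip_cap=10):
    """Fingerprints sent by many sources that each stay under the per-IP cap."""
    senders = defaultdict(Counter)
    for ip, subject in parse(lines):
        senders[fingerprint(subject)][ip] += 1
    hits = []
    for fp, by_ip in senders.items():
        if len(by_ip) >= min_sources and max(by_ip.values()) <= per_ip_cap:
            hits.append((fp, len(by_ip), sum(by_ip.values())))
    return sorted(hits)

def sample_log():
    """Constructed data: 40 low-volume senders, one bulk sender, one normal mail."""
    lines = []
    for host in range(1, 41):
        for k in range(3):
            order = host * 100 + k
            lines.append(f'2014-01-02T08:00:00Z 198.51.100.{host} '
                         f'subject="Your order {order} has shipped"')
    for k in range(25):
        lines.append(f'2014-01-02T09:00:00Z 203.0.113.9 subject="Weekly newsletter {k}"')
    lines.append('2014-01-02T09:30:00Z 192.0.2.5 subject="Lunch on Friday?"')
    return lines

if __name__ == "__main__":
    log = sample_log()
    print("per-IP rate limit flags:", per_ip_offenders(log))
    print("distributed campaigns:", distributed_campaigns(log))
```

On the sample, the rate limit flags only the bulk newsletter sender, while the grouping surfaces the 120-message campaign spread across 40 addresses.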
