Manage updates with the Download App
Ghost of HTML5 future: Web browser botnets
by Carol~ 
- 4/27/12 5:26 PM
In Reply to: NEWS - April 27, 2012 by Carol~
HTML5 will allow web designers to pull off tricks that were previously only possible with Adobe Flash or convoluted JavaScript. But the technology, already widely supported by web browsers, creates plenty of opportunities for causing mischief.
During a presentation at the B-Sides Conference in London on Wednesday, Robert McArdle, a senior threat researcher at Trend Micro, outlined how the revamped markup language could be used to launch browser-based botnets and other attacks. The new features in HTML5 - from WebSockets to cross-origin requests - could send tremors through the information security battleground and turn the likes of Chrome and Firefox into complete cybercrime toolkits.
Many of the attack scenarios involve using JavaScript to create memory-resident "botnets in a browser", McArdle -url=]warned[/url], which can send spam, launch denial-of-service attacks or worse. And because an attack is browser-based, anything from a Mac OS X machine to an Android smartphone will be able to run the platform-neutral code, utterly simplifying the development of malware.
Creating botnets by luring punters into visiting a malicious web page, as opposed to having them open a booby-trapped file that exploits a security flaw, offers a number of advantages to hackers.
Continued : http://www.theregister.co.uk/2012/04/27/html5/
Unread
Read
Locked thread
Moderator
CNET Staff
Samsung Staff
Norton Authorized Support Team
AVG Staff
avast! Staff
Webroot Support Team
Acer Customer Experience Team
Windows Outreach Team
Dell Staff
Intel Staff
Question
Resolved question
General discussion
Tip
Alert or warning
Praise
Rant