What is Browser Plugins and Its Poisoning
Security backholes can affect web browsers. The web browser displays pop-up promotions collects identity information, or installs adware, viruses, or spyware. A cybercriminal can hack a browser’s executable file, a browser’s components, and plugins.
Browser Plugins
A browser plugin is a software that acts as an add-on to a browser and installs extra functions in the browser. Browser plugins allow a browser to show additional unavailable content by default. For example, the Macromedia Flash Player and Shockwave are browser plugins.
These browser plugins display attractive graphics, cartoons, and animations that improve the look of a web page. Browser Plugins also display the content developed using the software.
Quicktime Player and Acrobat Reader are also popular plugin applications. Most plugins are available and free for download. To install a plugin, you visit the plugin’s website and click on a link that will download the installer for the plugin.
Download and save the installer. Once you have a copy of the installer, open it and follow the prompts to install the plugin on your system. You may have to restart your web browser to enable the plugin’s other functionality.
As Flash and Shockwave content became popular, the criminals examined these plugins and software, determined vulnerabilities, and exploited Flash Player. The successful operation causes a system crash or allows a criminal to get control of the affected system, which expects data losses to occur. The criminals also continue investigating the more popular plugins and protocols for vulnerabilities.
SEO Poisoning
Search engines assign page ranking and present vital results based on users’ search queries. Depending on the site content, it may show higher or lower in the search result list. Search Engine Optimization (SEO), is used to improve the ranking of a website in search engines.
Many legitimate organizations and companies are working to optimize websites to better rank on search engines. SEO poisoning is a technique that uses cybercriminals to make a malicious website appear higher in search results.
The goal of SEO poisoning is to redirect more traffic to malicious websites. These sites perform different harmful activities, such as malware hosting and social engineering.
Browser Hijacker
Browser hijacking is malware that modifies a web browser‘s settings without a user’s permission. It redirects the user to the cybercriminals’ websites. This software aims to help cyber criminals.
The browser hijacker is usually part of the drive-by download, a software program that automatically downloads to the victims’ computers when a user visits a harmful site. To avoid browser hijacking, read the user agreements carefully when downloading software. It usually changes the default search engine and homepage.
For example, a browser redirects the victim’s homepage to the hijacker’s search page and then redirects the victim’s search to links the hijacker wants the victim to visit. The hijacker also causes slow loading because it installs multiple toolbars in the browsers. The hijacker also displays multiple pop-up advertisements without the users’ permission.
Defending Against Email and Browser Attacks
Educating the end-user about being cautious towards unknown email(s) and using host/server filters is helpful against defending spam and emails. The organization must also educate its employees about the dangers of opening email attachments containing viruses or worms.
Do not suppose that email attachments are safe. Even if the mail is from trusted sources, the virus can use the sender’s computer to spread itself. Always scan email attachments before opening them.
Defending against spam is not easy, but reducing its effect is possible. For example, ISPs and Email service providers filter spam emails. Antivirus and email software also automatically do email filtering. This software detects and removes spam from an email inbox.
The Anti-Phishing Working Group (APWG), founded in 2003, is an international consortium focused on eliminating the identity theft and fraud that result from phishing and email spoofing. The APWG also keeps all software updated and makes sure that the latest patches keep away vulnerabilities.