Issue
2
–
Mar
2010
|
Page
-
1
Issue
12
–
Jan
2011
|
Page
-
2
Issue
12
–
Jan
2011
|
Page
-
3
JavaScriptBotnets
Heading 1
Anybody who has had even a slight brush with the security industry would have heardof Botnets atleast once. Botnets are a groupof computers compromised and controlled by an attacker, these computers or zombies would perform any actions that the attackercommands them to do. Botnets are usually created by compromising the victims'systems with some remote code executionexploits and then installing backdoors onthem. The attackers must have been working on exploits for 0-days or newly discovered vulnerabilities to be able toinfect more victims. Even then they areusually restricted to only one platformunless they have exploits and backdoors forthe different platforms out there.There is another type of remote codeexecution that is far more easier to perform- JavaScript in web pages. ExecutingJavaScript in someone's system does notrequire any 0-days or exploits but simply requires the person to visit a website.Moreover the same piece of JavaScript would work across all OSs
‘
andplatform(desktops, tablets, mobiles etc).Every time a user clicks on a link he is givinga remote website an opportunity to executecode (JavaScript) on his machine. The window of this opportunity is widened by the concept of tabbed browsing. Most usershave multiple open tabs and most tabsremain open throughout the browsingsession which could stretch for hours.This enables an external entity to utilize the
user‘s processing power and bandwidth for
his malicious needs. Spammers, especially on sites like Twitter, have been able to getthousands of users to click on their links in very short durations. But JavaScript is believed to be handicapped due toperformance constraints and the
restrictions enforced by the browser‘s
sandbox. This however is a misconceptionas JavaScript engines have become extremly
Search History:
Result 00 of 00
00 results for result for
p.
Club Hack Mag - Jan 2011
1st Indian "Hacking" Magazine
160
Reads
0
Readcasts
6
Embed Views
Get Scribd Mobile
To get Scribd mobile enter your number and we'll send you a link to the Scribd app for iPhone & Android.We've sent a link to the Scribd app. If you didn't receive it, try again.
We'll never share your phone number.
More From This User
Notes
Load more
