Zscaler Releases Free Browser Plugin to Combat Fake and Hacked Sites

Zscaler today released a free Firefox plugin designed to help protect users from fake and compromised online storefronts. 

As Internet users attempt to buy products and services online, they are giving away sensitive information such as credit card numbers and other personal information. Zscaler Safe Shopping is a free Firefox plugin that warns users when they visit a domain identified by Zscaler as potentially malicious. The plugin utilizes Zscaler’s cloud infrastructure to provide constant updates as compromised or fake online stores are identified.

The number of compromised and fake online stores is growing, and unsuspecting users are falling victim to such sites every day. A September 2010 report from Panda Security revealed that cybercriminals were creating 57,000 new “fake” websites each week, mainly looking to imitate and exploit approximately 375 high-profile brands. eBay and Western Union were the most targeted brands, making up 44 percent of exploited brands discovered. Visa, Amazon, Bank of America and PayPal were also heavily targeted by cybercriminals. But in addition to these well-known brands, thousands of other Web sites exist from smaller merchants and companies around the world that may not have the security resources that larger operations have.

According to Michael Sutton, VP of Security Research at Zscaler, “Users have grown comfortable with online commerce. What they don’t realize is that lesser-known online stores can become compromised, often due to known vulnerabilities in popular technologies that have not been patched by the merchant. When this occurs, while the store itself may be legitimate, attackers could have access to the back end database.”

“The big compromises that hit the news only tell a part of the story. As Black Hat hackers have traded their morals for profits long ago, smaller online merchants have also been prey to hacking attempts,” according to Idan Aharoni, Manager of the FraudAction Intelligence team at RSA and an ongoing SecurityWeek columnist. “These merchants often use off-the-shelf shopping cart software, which are not invulnerable to exploits. As these exploits become public, the merchants that use these software products and do not patch their systems become prime targets for script kiddies and less sophisticated hackers,” Aharoni writes in his most recent column.

Most Web browsers now make use of blacklists to help prevent users from accessing known malicious sites, but these blacklists typically don’t block sites that have been compromised. Most of the blocking from blacklists such as Google Safe Browsing focuses on sites that may be hosting malware or phishing attacks. In the case of ecommerce-enabled sites, where users provide financial and personal information, general blacklisting isn’t sufficient. According to Zscaler, these types of commerce attacks are successful because users often have no idea that the site they are visiting has been compromised, or is a scam built by ill-intentioned hackers.

“Attackers are constantly adjusting their tactics and traditional security controls are failing to keep up,” said Julien Sobrier, senior researcher at Zscaler labs and developer of the new Safe Shopping plugin. “As blacklists have improved their detection of traditional attacks such as fake antivirus campaigns, attackers are now shifting to fake and compromised storefronts, which are not being detected by the browser.”

Zscaler is also the company that developed “BlackSheep,” the Firefox plugin that helps end users identify usage of FireSheep, the controversial Firefox extension that makes it dead simple to tap into someone’s social networking and email accounts (and many others) by “hijacking” user sessions while connecting via unsecured wireless networks.

The Zscaler Safe Shopping plugin is freely available and can be downloaded here.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
