Zscaler today released a free Firefox plugin designed to help protect users from fake and compromised online storefronts.
The number of compromised and fake online stores is growing, and unsuspecting users are falling victim to such sites every day. A September 2010 report from Panda Security revealed that cybercriminals were creating 57,000 new “fake” websites each week, mainly looking to imitate and exploit approximately 375 high-profile brands. eBay and Western Union were the most targeted brands, making up 44 percent of exploited brands discovered. Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals. But in addition to these well known brands, thousands of other Web sites exist from smaller merchants and companies around the world that may not have the security resources that larger operations have.
According to Michael Sutton, VP of Security Research at Zscaler, “Users have grown comfortable with online commerce. What they don’t realize is that lesser-known online stores can become compromised, often due to known vulnerabilities in popular technologies that have not been patched by the merchant. When this occurs, while the store itself may be legitimate, attackers could have access to the back end database.”
“The big compromises that hit the news only tell a part of the story. As Black Hat hackers have traded their morals for profits long ago, smaller online merchants have also been prey to hacking attempts,” according to Idan Aharoni, Manager of the FraudAction Intelligence team at RSA and an ongoing SecurityWeek columnist. “These merchants often use off-the-shelf shopping cart software, which are not invulnerable to exploits. As these exploits become public, the merchants that use these software products and do not patch their systems become prime targets for script kiddies and less sophisticated hackers,” Aharoni writes in his most recent column.
Most Web browsers now make use of blacklists to help prevent users from accessing known malicious sites, but these blacklists typically don’t block sites that have been compromised. Most of the blocking from blacklists such as Google Safe Browse and others focus on sites that may be hosing malware or phishing attacks. In the case of ecommerce enabled sites, when users provide financial information and personal information, general blacklisting isn’t sufficient. According to ZScaler, these types of commerce attacks are successful because users often have no idea that the site they are visiting has been compromised, or is a scam built by ill-intentioned hackers.
“Attackers are constantly adjusting their tactics and traditional security controls are failing to keep up,” said Julien Sobrier, senior researcher at Zscaler labs and developer of the new Safe Shopping plugin. “As blacklists have improved their detection of traditional attacks such as fake antivirus campaigns, attackers are now shifting to fake and compromised storefronts, which are not being detected by the browser.”
Zscaler is also the company that developed “BlackSheep,” the Firefox that helps end users identify usage of FireSheep, the controversial Firefox extension that makes it dead simple to tap into someone’s social networking and email accounts (and many others) by “hijacking” user sessions while connecting via unsecured wireless networks.
The Zscaler Safe Shopping plugin is freely available and can be downloaded here.