A malevolent program capable of using a browser to transmit and
receive data secretly across a firewall was demonstrated at the
DefCon security conference in the US earlier this month.
South African security firm SensePost showed that a program, dubbed
Setiri, uses a feature of Microsoft's Internet Explorer to allow
hackers to take control of a system without triggering the firewall
defences or alerting the user.
After the Setiri Trojan horse is planted on a system, it will
launch an "invisible" window. Such windows are used legitimately to
execute useful background tasks or specialised Java applets when
browsing the Internet.
The contents of such windows are of no concern to users and might
confuse them, so Microsoft included the invisibility feature to keep
them hidden.
To the system, the Setiri window looks like a legitimate browser
window launched by the user, which allows it to connect to the
hacker's computer over the Internet.
Once connected through the browser, the hacker can plant
applications to allow activities such as recording key strokes on
the host machine or can access and download files.
Security experts attending DefCon in Las Vegas said the
demonstration of Setiri has confirmed their fears that the next
step in hacking technology will bypass firewall detection.
Although this could be a serious new threat to businesses, Gunther
Ollmann, manager of X-Force security assessment services for
Internet Security Systems, said Setiri can be overcome as long as
companies keep their localised anti-virus software up to date and
do not rely solely on firewall protection.
"Anti-intrusion software should allow systems managers to detect
unwelcome activity," he said.
"Pop-up stoppers, designed to prevent additional pop-up windows
[including invisible windows] from being launched by an existing
window, could also be used."
Microsoft said it is assessing the risk but has not yet offered
users any advice on the subject.
Unix systems left vulnerable by security hole
A security hole has been reported in Sun Microsystems' XDR (External
Data Representation) library which could render Unix operating
systems and the Massachusetts Institute of Technology's Kerberos
authentication software vulnerable to attack.
The buffer overflow problem could allow hackers to run arbitrary
code on affected systems or cause denial of service problems,
according to Internet security organisation Cert.
The vulnerable systems so far reported are:
- Sun Solaris
- IBM AIX
- Apple Macintosh OS X
- Debian Linux.
Cert advised users of these systems to contact their suppliers for
patches and fixes.
XDR provides platform-independent methods for sending data from one
system process to another over a network connection.