We all know that hackers are constantly trying to steal private information by getting into the victim's system, either by exploiting the software installed on it or by some other means. According to one stat, more than 60 percent of Adobe Reader users have unpatched versions, leaving them vulnerable to attacks. By performing routine updates for their software, consumers can protect themselves, patching known vulnerabilities and therefore greatly reducing the chance of getting hacked.
Commonly used software, such as MS Office, Adobe Flash and PDF readers (as well as the browsers themselves), are the major targets for exploits if left unpatched. In the past, fake patches for Firefox, IE, etc. displayed messages informing users that updated versions of a plugin or the browser were available, prompting the user to update their software. For example, a fake page will tell the user that updating their Flash version is critical. Once the user clicks the fake update, it downloads malicious content (for example, the Zeus Trojan) to the victim's computer, and perhaps a rogue anti-virus as well, asking the user to pay in order to remove the "infections." Similar attacks have been carried out in the past against various browsers, too.
Normally, if there is an update for the Firefox browser, the update notification is displayed as a popup from the browser itself rather than as a webpage. A better way to check for an update in Firefox is to go to the Help menu and select "About Firefox." If the browser needs an update, it will display a button that says "Apply Update."
Most people avoid updating since it can be annoying at times. But if we are handling sensitive information in our systems, then updating and patching up the important software should be of high priority.
When you think about it, how many people are really cautious about the updates, the type of update or the link from where they are downloading and installing the update? Obviously, there are very few people that are really cautious and vigilant about updates, therefore making the success rates for those exploiting the users high. One effective way of exploiting users is by using tools like EvilGrade.
EvilGrade is a framework which exploits weaknesses in the auto-update services of multiple common software packages, and the attack performed by this framework is one of the best examples of client-side exploitation. The framework tricks the update service into believing there is a signed update available for the product, thus prompting the user to install the upgrade, where the "upgrade" is the attacker's payload. This type of attack is difficult for a normal user to detect, since they see nothing suspicious and the upgrade looks legitimate.
This framework is used in combination with DNS spoofing or a man-in-the-middle attack in order to spoof the software upgrade. This tricks the victim into downloading the upgrade, thereby executing the attacker's arbitrary code.
EvilGrade supports various well-known software packages, such as Notepad, iTunes, the Java plug-in, WinZip, Winamp, DAP, OpenOffice, LinkedIn, Speedbit, etc.
EvilGrade takes advantage of these applications because most of them verify neither the update contents nor the identity of the master update server. Basically, in this type of attack, the attacker modifies the victim's DNS traffic so that the update server's name resolves to some other IP address controlled by the attacker; the URL the client requests looks exactly the same, so only a check on the update itself can catch the substitution.
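To make the missing check concrete, here is an added example (not part of the original article or of the EvilGrade framework) in Python. It models an update client that trusts whatever the resolved server advertises, beside one that only accepts bytes matching a pinned manifest; the host name, version strings and installer bytes are constructed placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample: the manifest the application ships with, or fetches over a
# certificate-verified TLS connection to a pinned host. Its digest is the only thing
# that ties the downloaded bytes to a release the vendor actually produced.
GENUINE_UPDATE = b"genuine installer bytes (constructed)"
MANIFEST = {
    "version": "2.0.1",
    "url": "https://updates.example.com/app-2.0.1.exe",  # placeholder vendor host
    "sha256": hashlib.sha256(GENUINE_UPDATE).hexdigest(),
}


@dataclass
class UpdateResponse:
    url: str       # URL the client requested (unchanged under DNS spoofing)
    version: str   # version the answering server advertises
    body: bytes    # installer bytes as received


def vulnerable_accept(resp: UpdateResponse, current_version: str) -> bool:
    """EvilGrade-style weakness: any server reachable at the vendor's name is trusted.
    Whoever answers the DNS query decides what 'newer' means and what gets run."""
    return resp.version > current_version


def hardened_accept(resp: UpdateResponse, manifest: dict) -> tuple:
    """Run an update only if it is byte-for-byte what the pinned manifest describes.
    Transport and location checks come first; the digest check is what defeats a
    spoofed server, since a redirected client still requests the genuine URL."""
    if not resp.url.startswith("https://"):
        return False, "plaintext transport"
    if resp.url != manifest["url"]:
        return False, "unexpected download location"
    digest = hashlib.sha256(resp.body).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return False, "digest mismatch: contents are not the vendor's release"
    return True, "ok"


# Constructed responses: the genuine release, and what a client would receive from
# a spoofed server answering for the same name with an attacker-chosen "update".
GENUINE = UpdateResponse(MANIFEST["url"], "2.0.1", GENUINE_UPDATE)
SPOOFED = UpdateResponse(MANIFEST["url"], "9.9.9", b"substituted payload (constructed)")

if __name__ == "__main__":
    print("vulnerable client runs spoofed update:", vulnerable_accept(SPOOFED, "1.0.0"))
    print("hardened client, spoofed:", hardened_accept(SPOOFED, MANIFEST))
    print("hardened client, genuine:", hardened_accept(GENUINE, MANIFEST))
```

A digest only helps if the manifest itself arrives over a channel the spoofer cannot control, which is why real updaters pin the server certificate or verify a vendor signature over the manifest as well.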