|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
SpyWare and HTTP headers
From: Steve McCullough (website
showmethesmut.com)
Date: Mon Sep 06 2004 - 10:02:32 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all,
I've recently had a flurry of page errors associated with clients who
are browsing with FunWebProducts malware installed. There's more about
this irritant here: http://forums.spywareinfo.com/index.php?showtopic=15652
Oddly for spyware, FunWebProducts announces its presence in the
USER_AGENT header [an actual example: "HTTP_USER_AGENT:Mozilla/4.0
(compatible; MSIE 6.0; Windows 98; FunWebProducts)"]. This is doubly odd
because it lets you know about the threat and allows server-side
response to a client-side privacy-breaking vulnerability. I've added a
check for this header as part of my non-secure-side error handling and
as part of my secure-side authentication.
HTTP headers are usually only mentioned in discussions of web
application security by noting that they are trivial to forge (never
trust the client, blah, blah). I was wondering, on the other hand, if
anyone has experience with parsing them for info that might be useful as
a vulnerability/attack signature at the application level.
Steve
--
Steve McCullough
Web Developer
www.venusenvy.ca
www.showmethesmut.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]