JavaScript Zombie Network Code Spreads Through the Web

Source: Internet
Author: User

At last month's ShmooCon hacking conference, a quick-acting attendee downloaded software that turns web browsers into unwitting hacking tools, and then someone posted the software online.

The software, known as Jikto, was written by SPI Dynamics's lead researcher, Billy Hoffman. Hoffman showed the code in a speech about JavaScript malware threats on March 24.

JavaScript is a language that can run in any browser, and Hoffman found a way to write network vulnerability scanning software in JavaScript. The technique is able to circumvent JavaScript's security restrictions, and to prevent it from being abused, Hoffman says he took additional steps to keep the code from leaking.

However, in order to demonstrate it, he had to publish the Jikto code on the Web. "People can only briefly see the original URL address where the Jikto code resides."

However, that brief glimpse was enough for attendee Mike Schroll to get a copy.

"I'm sitting very close to the front and I've already got my laptop," said Schroll, a security advisor for the safety management partner company. "As soon as I saw the code, I started typing."

Schroll posted the code on his website on March 25 and posted a link on digg.com. At Hoffman's request, he removed the software within a few hours.

Schroll said that the code is useful for security professionals who want to demonstrate the dangers of scripting attacks, so he published it. "I am very interested in this code because we provide some users with fake phishing sites. I'm not trying to use it in a bad way."

Schroll said the software had been downloaded about 100 times on his website.

Last weekend, the code again appeared on the Sla.ckers.org online forum.

As Jikto is now publicly available, security researchers are concerned that criminals will use it to search for sensitive information on intranets, or to build malicious zombie networks. "This particular tool can control web browsers," said Jeremiah Grossman, CTO of WhiteHat Security. "It spreads to other web sites and scans those sites for security vulnerabilities."

Hoffman said he would like to publish his own tools, and that criminals might have been able to develop something similar to his program with just 800 lines of code.

"Unfortunately, my software can't be published," Hoffman said, "but, in fact, the bad guys probably already know how to write these apps, even if they don't know it now, and they'll know it in a few months."

He doesn't blame Schroll for leaking the Jikto code. "Any curious person could have done it like he did," Hoffman said. "I should not blame those who are curious, to satisfy people's curiosity is exactly what I should do."


