Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

SPONSORED BLOG: Beware of the Bad Piggies

Jason Ding - Research Scientist, Barracuda | Oct. 18, 2012
Free Web version of Rovio's Bad Piggies installs ad injector into over 82K Chrome browsers

BC3

Special code in the plug-in checks to see if the page originates with Yahoo and if so, inserts its own ad from playook.info.

A little more digging turned up a list of websites that are targeted by the plugin...

We saw similar problems with angrybirds.com and MSN.com.

This is not the first time that some Chrome plugins requested extra permissions during the installation. Last month, we reported that several "Facebook Timeline Remover" plugins also requested permission to access data on all websites, where they should only touch Facebook.com websites. Users who give up such extensive permission run the risk of getting their browsers hijacked.  The plugin authors can acquire all the Web data when users browse the Internet with Chrome and then misuse users information, such as stealing and selling user e-mail addresses and online credit card information.

As of 2 October 2012, there are about 82,593 Chrome users who installed these ads-injected plugins, and the total number is still climbing fast day by day, e.g., about 13K new installations from 1 October  to 2 October.

A suggestion to Chrome users; whenever trying to install a plugin inside the Chrome Web store, consider the requested permissions with a critical eye toward the intent of the plugin. If the plugin requests any permission that does not seem reasonable, do not install it. If you have already installed, uninstall them immediately and change your passwords on other websites if possible. 

For more information on how to protect your network please go to www.barracudanetworks.com/

 

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.