
New malware utilizes PACs to hijack web browsers

If left unmanaged, the web browser is perhaps one of the most vulnerable places for malware to infiltrate a user's system. Whether it be a lone individual or an employee subject to a phishing attack, browser security remains an important area of concern in today's ongoing cybersecurity battle.

According to Dark Reading, computer security experts have detected a technique used by cybercriminals to compromise a system's browser. The method, which has been widely used to infiltrate Brazilian banks, is likely to spread throughout the world within the next few years.

Proxy auto-configuration the cause
The malware works by manipulating proxy auto-configuration (PAC), the mechanism that determines how a browser routes its requests. When a user engages in a secure transaction with a merchant or financial institution, the cybercriminal uses a hijacked PAC to reroute the information to the attacker's server instead, allowing third parties to execute code on the victim's system, set a proxy for the browser and capture selected traffic.

The most alarming aspect of this kind of attack is that victims are entirely unaware that their network controls have been taken over, since they can still perform the same internet functions as before.

"The victims surf normally, and it's completely undetectable to the end user, except for when they hit a site that is specified by the attacker," Daniel Ingevaldson told Dark Reading.

Most of the malicious PACs identified have been used to create phishing schemes where attackers target a specific company or individual through emails or download files that fraudulently represent a legitimate institution to steal authentication credentials.
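
A defender can look for the selective rerouting described above by auditing the PAC file a browser is configured to use. The following is an added example, not code from Dark Reading or Thawte: it statically inspects a PAC script's text (the script is never executed) and reports proxy endpoints that are not on an allowlist, along with the host patterns the script singles out. The allowlist, the sample PAC and all function names are constructed for illustration.

```javascript
// Allowlist of proxies the organisation actually operates (assumed value).
const ALLOWED_PROXIES = new Set(["proxy.corp.example:8080"]);

// Constructed sample PAC: most traffic goes DIRECT, selected hosts are rerouted.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "*.bank.example") || dnsDomainIs(host, "pay.example"))
    return "PROXY 203.0.113.10:3128";
  if (isInNet(host, "10.0.0.0", "255.0.0.0"))
    return "PROXY proxy.corp.example:8080; DIRECT";
  return "DIRECT";
}`;

// Collect every single- or double-quoted string literal in the script text.
function stringLiterals(src) {
  const re = /"((?:[^"\\]|\\.)*)"|'((?:[^'\\]|\\.)*)'/g;
  const out = [];
  let m;
  while ((m = re.exec(src)) !== null) out.push(m[1] !== undefined ? m[1] : m[2]);
  return out;
}

// A PAC return value is a ";"-separated list such as "PROXY host:port; DIRECT".
function proxyEndpoints(literal) {
  return literal.split(";")
    .map((part) => /^\s*(?:PROXY|SOCKS[45]?|HTTPS?)\s+(\S+)\s*$/i.exec(part))
    .filter(Boolean)
    .map((m) => m[1].toLowerCase());
}

// Host patterns passed to the standard PAC host-matching helpers.
function hostPatterns(src) {
  const re = /\b(?:shExpMatch|dnsDomainIs|localHostOrDomainIs)\s*\(\s*\w+\s*,\s*["']([^"']+)["']/g;
  return Array.from(src.matchAll(re), (m) => m[1]);
}

function auditPac(src) {
  const unknown = new Set();
  for (const lit of stringLiterals(src))
    for (const ep of proxyEndpoints(lit))
      if (!ALLOWED_PROXIES.has(ep)) unknown.add(ep);
  // Literal matching is blind to strings built at run time, so flag that too.
  const obfuscated = /\b(?:eval|unescape|atob)\s*\(|fromCharCode/.test(src);
  return { unknownProxies: [...unknown], hostPatterns: hostPatterns(src),
           obfuscated, suspicious: unknown.size > 0 || obfuscated };
}
```

A PAC that builds its strings at run time will show no readable proxy literals; the `obfuscated` flag marks such files for manual review rather than clearing them.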

Proactive steps users can take
Malware attacks are an unfortunate risk in even the most secure computer transactions. Fortunately, users and businesses can take steps to ward off cybercriminals trying to infiltrate their computers via web browsers. The first and easiest step is to ensure that the browser is running the most recently updated version.

"Browsers have to be patched and updated just as often as operating systems," said Abhay Bhargav, security expert. "Once an attacker has access to your browser, he pretty much has access to your computer. You have lost that battle."

Users can also benefit from improving their awareness of the encryption supported by the browser. By adjusting the permission setting so that only trusted certificate authorities (CAs) have access, and by checking that SSL encryption is displayed through the secure padlock icon in the browser's toolbar, users can know that any online transactions and sensitive information are outside the grasp of thieves.

The Thawte Trusted Seal is a recognized symbol of security in encryption technology. Stop by Thawte today to purchase the latest in SSL certificates.
