A JavaScript-based botnet? Talk by Chema Alonso and Manu «The Sur» at RootedCON 2012

A few days ago the videos of the Rooted CON 2012 were published, a conference that takes place every year in Spain. I was looking at one of the presentations given by Chema Alonso and Manu The Sur, both security specialists from the company Informtica 64.

For 40 minutes they reveal the details of a experiment they did with a JavaScript-based botnet.

Basically what they did was mount a proxy server that loaded specially crafted JavaScript code to perform an attack Man in the Middle (man in the middle). Remember that proxies on the internet are usually used to hide the real IP of the computer or surf anonymously, many times those who use them are thinking of doing bad things.

This manipulated JavaScript code was stored in the browsers cache and allowed, as long as it wasn't erased, identify the team, access cookies (steal sessions) and access form fields (HTML code). In other words, the browser was somewhat trojanized with JavaScript.

Of course, all of this was done without malicious intentIn addition, it was the users themselves who intentionally connected to their server to navigate. During the experiment they found very curious and even cyber criminals who used the proxy to do their thing.

At the end of the presentation, they perform a live demo so that the risks of the attack are better understood:

Chema Alonso y Manu "The Sur" – Owning “bad” guys {and mafia} with Javascript botnets (RootedCON 2012) from rootedcon on Vimeo.

Surely, after watching the talk you will begin to take greater precautions when browsing strange pages such as clear the cache, browse in private mode or prevent the execution of unknown JavaScripts (Do you remember the Firefox + Noscript post?).

Finally, for those who want to learn more… Chema has published on his blog a series of 5 articles that explain in detail everything done in the experiment. Very good!

Experiment details: Owning bad guys & mafia with Javascript botnets