April 18, 2008

Security experts at the RSA Conference 2008 warn that browser attacks are becoming more sophisticated. Infected websites can allow a browser to be taken over in bot-like fashion.

For example, on a virtual world site, an avatar could walk out on the screen and turn off mouse and key controls, making it difficult to stop the attack. An infected browser can change registry time stamps, making the attack difficult to detect even for forensics. A browser can also be redirected to a site where further attacks are made.

Handheld devices with browsers, including phones, can be corrupted in this manner. Any application that interacts with a browser is subject to these vulnerabilities; this would include many flash drives.

These attacks can be used to get access behind corporate firewalls and can spread further by infecting administrators’ browsers. The risk of potential damage to a business is substantial.

Attacks of this nature can be aimed at a certain demographic by targeting a site that group would use. The fact that the site is infected may not be discovered until long after the damage is done.

While definitive protection against these attacks is not yet available, some software can help. Some anti-virus companies offer software designed to warn of suspected malicious code on sites (including trusted ones) while browsing or searching.


