Using software updates to spread malware

LAS VEGAS–Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications.

For more details visit: http://news.cnet.com/8301-27080_3-10301485-245.html

Holy Cow!

Even updating can make ur computer to smile? ;D

Oh well, do more harm than good,thats updating^^ ;D

-AnimeLover^^

Thank you, Pete. This sounds like a vulnerability to a bogus wifi hotspot or hijacked wifi dns server. I’ll be careful where I do my software updates and my online banking too. Using a desktop computer provides me with lots of protection in this case.

seriously using update over http and not https ? no digital signatures … jeez what are software coders of these days thinking :slight_smile:

Ha, ha.

Fortunately, according to the blog author, they’ve only identified

About 100 applications, many among the most popular on CNET’s Download.com

Mostly amateurs, I bet. I wish the author had done a little more research and reported if any of the major software products were vulnerable. Lacking any evidence to the contrary, I doubt they are. I love this info from one of the “security researchers”:

The researchers said they had not tested whether Firefox or other major browsers are vulnerable.

Let’s see. You tested 100 applications, but didn’t test any of the major browsers? I suspect that’s because they were pretty sure they wouldn’t find a vulnerable update process there.

People should be careful when using public Wi-Fi networks and avoid doing software updates on them, he said.

Be careful? I should hope so, but it should be safe for most major, professionally developed products.