Saturday, October 06, 2012

Malicious Chrome Plugin.

I got bit. :-/ I installed "Youtube Downloader" for what appeared to be a good and valid reason, really it was.

Then, today, when I was attempting to work on a page for a client, I saw a weird JavaScript in my source that started:

var hkghawgalkgklrgjlargjsrhg_hejrghakwghakwegkawefak = (function(){ var e=null,f=[[15,18,7,19,2,0,17,14,6,3,11,20,16,1,9,4,8,13,12,5,10],[19,1,16,5,14,17,13,18,15,8,2,20,7,11,4,9,12,10,3,6,0],...... (lots more) 

What's weird is that this was getting injected on a page that I had on my c: drive.




Now, I know I didn't put that in there. Some Googling found that it was a spam generator of some sort, inserted by Youtube Downloader.


I haven't bothered to decode it, but the truly weird thing was that it was being inserted into the page from the Chrome plugin, via a perfectly reasonable path. That's how bit.ly shorteners and Skype and Google Voice phone number link makers work, after all.

What's weird is, apparently NONE of my security software catches that. It makes me wonder if this is a category of stuff they don't catch. Most odd.

Anyway, one more explanatory link on the web while I wipe the egg off my face.
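
Added example, not part of the original post: one way to audit installed extensions for the injection path described above is to read each extension's manifest.json and flag `content_scripts` whose `matches` cover every site or local `file://` pages. The `<extension id>/<version>/manifest.json` layout under the directory you pass in is an assumption about the profile's Extensions folder, and the two sample manifests are constructed.

```python
import json
from pathlib import Path

# Match patterns that put a content script on every site, plus anything under file://.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def risky_content_scripts(manifest):
    """Return (pattern, js_files) for each broad or file:// content-script match."""
    findings = []
    for entry in manifest.get("content_scripts", []):
        js = tuple(entry.get("js", []))
        for pattern in entry.get("matches", []):
            if pattern in BROAD or pattern.startswith("file://"):
                findings.append((pattern, js))
    return findings

def audit_extensions(ext_root):
    """Scan <ext_root>/<extension id>/<version>/manifest.json; return {path: findings}."""
    report = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            # utf-8-sig tolerates a byte-order mark at the start of the file
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            # A manifest that cannot be parsed is worth a manual look, so report it.
            report[str(path)] = [("unreadable manifest", ())]
            continue
        found = risky_content_scripts(manifest)
        if found:
            report[str(path)] = found
    return report

# Constructed sample manifests (not taken from any real extension).
SAMPLE_BROAD = {"name": "sample-downloader", "content_scripts": [
    {"matches": ["<all_urls>", "file:///*"], "js": ["inject.js"]}]}
SAMPLE_SCOPED = {"name": "sample-scoped", "content_scripts": [
    {"matches": ["https://video.example/*"], "js": ["button.js"]}]}

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, found in audit_extensions(root).items():
        for pattern, js in found:
            print(f"{path}: {pattern} -> {', '.join(js)}")
```

A broad match is not proof of malice, since many legitimate extensions request it; the output is a short list of extensions whose injected scripts deserve a read.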
