#uTorrent bug allows #websites to spy on PC and steal downloaded files

Google researcher uncovered another uTorrent bug allowing hackers to spread malware
Google Project researcher Tavis Ormandy discovered a severe remote code execution bug in uTorrent Web, which will enable hackers to disseminate malware via hacked software on malicious websites. Hackers exploited a way to steal uTorrent’s authentication tokens and take complete control over the service.
Initially, this problem had been reported in December,[3] except that it touched BitTorrent and uTorrent Classic. Then Ormandy warned clients that the vulnerability might allow hackers to infect websites from which torrents are downloaded and, therefore, allow them to see what software you tend to download. He pointed out that:
Once you have the secret, you can just change the directory torrents are saved to, and then download any file anywhere.
Cybercriminals found a way to steal tokens via torrent websites loaded over a web browser. This way they manage to steal the authentication token and may take full control over uTorrent service.
By default, uTorrent Web create an HTTP RPC server on port 10000 (uTorrent classic) or 19575 (uTorrent web). However, experts have found multiple flaws in the RPC server, which allows hackers to exploit any data using XMLHTTPRequest(). In other words, visiting practically any website can end up with software corruption and malware injection.
The flaw allows hackers to inject malware into Windows startup folder
uTorrent Web uses a web interface.[4] Thus, in comparison to desktop apps, the service is controlled by a browser. Besides, the uTorrent web is configured to start along with the Window OS. This grants the service to be running and accessible all the time.
Once crooks steal the authentication token, they generate a random one and inject it in a configuration file, which must pass all URL parameter requirements. After the hack, the hijacked uTorrent Web server’s icon o will generate a browser window with the controlled client. This way, website’s owner or manager can give the software a command to download a severe infection, which is installed straight to the Windows startup.

Comments

Post a Comment

Popular posts from this blog

How to make ‪#‎symbols‬ with your ‪#‎keyboard‬

Image
Alt + 0153..... ™... trademark symbol Alt + 0169.... ©.... copyright symbol Alt + 0174..... ®....registered trademark symbol Alt + 0176 ...°......degre­e symbol Alt + 0177 ...±....plus-or­-minus sign Alt + 0182 ...¶.....paragraph mark Alt + 0190 ...¾....fractio­n, three-fourths Alt + 0215 ....×.....multi­plication sign Alt + 0162...¢....the cent sign Alt + 0161.....¡..... .upside down exclamation point Alt + 0191.....¿..... ­upside down question mark Alt + 1...........smiley face Alt + 2 ......☻.....bla­ck smiley face Alt + 15.....☼.....su­n Alt + 12......♀.....f emale sign Alt + 11.....♂......m­ale sign Alt + 6....... ♠ .....s­pade Alt + 5....... ♣ ...... ­Club Alt + 3............. ­Heart Alt + 4....... ♦ ...... ­Diamond Alt + 13......♪.....e­ighth note Alt + 14......♫...... ­beamed eighth note Alt + 8721.... ∑.... N-ary summation (auto sum) Alt + 251.....√.....s­quare root check mark Alt + 8236.....∞..... ­infinity Alt + 24.......↑..... ­up arrow Alt + 25......↓...... ­down arrow
Read more

How to Protect Your Computer from Malware and Viruses

Image
  Protecting your computer from malware and viruses is essential to ensure the security and integrity of your personal and sensitive data. Here are some effective steps you can take to safeguard your computer: 1. Install Antivirus Software: A reputable antivirus program is your first line of defense against malware and viruses. Choose a well-known and up-to-date antivirus software, and regularly update its virus definitions. 2. Keep Your Operating System Updated: Regularly update your operating system (e.g., Windows, macOS, Linux) and applications with the latest security patches. This helps to address vulnerabilities that malware could exploit. 3. Use a Firewall: Enable the built-in firewall on your operating system or install a third-party firewall. Firewalls monitor and control incoming and outgoing network traffic, acting as a barrier against unauthorized access. 4. Be Cautious with Email: Malicious attachments and links often come through email. Be wary of opening attachments or c
Read more

How to Turn Wi-Fi On or Off With a Keyboard or Desktop Shortcut in Windows

Image
Some laptops come with “Wi-Fi” function keys or switches that can quickly enable or disable your Wi-Fi. If your PC doesn’t have one of these, though, you can make one with the tools built into Windows. You’ll need to start by creating a desktop or start menu shortcut. Once you’ve done that, you can invoke it with a keyboard shortcut, if you like. Step One: Find the Name of Your Wi-Fi Connection First, you’ll need to check the name of your Wi-Fi connection. You’ll need this to write the commands that enable and disable the Wi-Fi connection. Head to Control Panel > Network and Internet > Network and Sharing Center > Change Adapter Settings. Note the name of the Wi-Fi connection you want to disable. In the screenshot below, the name of the connection is “Wi-Fi”. Step Two: Create the Desktop Shortcuts Now that you know the name of the connection, you can create the desktop shortcuts you need. Right-click the Windows desktop and select New > Shortcut to creat
Read more