Christopher Boyd GFI Software
download slides (PDF)
Web browsers are all around us, yet most users probably don't stop to think about them too much. Where browsers are concerned, most users think of threats as being malicious web pages, drive-by downloads and social engineering. They give up their trust to these browsers wholeheartedly, allowing them to save passwords, retain browsing habits and much more besides.
When the web browser itself is a rogue entity - built from the ground up to perform malicious acts - this is a very bad idea.
What happens when the very tool you share your closest browsing secrets with is intentionally betraying trust with every click of the mouse?
What happens when your browser intentionally sends you to places that could result in jail time?
This talk will examine the history of the rogue web browser, looking at key examples from 2006 to 2008 along with possible reasons the 'movement' died out and examples of how the genre has evolved and made a comeback in the last year or two. Proxy browsers and hacks that turn a legitimate browser rogue will also be examined. Russian forums, email exchanges, illegal websites, smear campaigns, crime rings, documents from underground servers and adware vendors all feature heavily.