A malevolent program capable of using a browser to transmit and receive data secretly across a firewall was demonstrated at the DefCon security conference in the US earlier this month.

South African security firm SensePost showed that a program, dubbed Setiri, uses a feature of Microsoft's Internet Explorer to allow hackers to take control of a system without triggering the firewall defences or alerting the user.


After the Setiri Trojan horse is planted on a system, it will launch an "invisible" window. Such windows are used legitimately to execute useful background tasks or specialised Java applets when browsing the Internet.

The contents of the invisible windows do not concern users and may confuse them so Microsoft included the invisibility feature to keep them hidden.

To the system the Setiri window looks like a legitimate browser window launched by the user and allows it to connect to the hacker's computer over the Internet.

Once connected through the browser, the hacker can plant applications to allow activities such as recording key strokes on the host machine or can access and download files.

Security experts attending DefCon in Las Vegas said the demonstration of Setiri has confirmed their fears that the next step in hacking technology will bypass firewall detection.

Although this could be a serious new threat to businesses, Gunther Ollmann, manager of X-Force security assessment services for Internet Security Systems, said Setiri can be overcome as long as companies keep their localised anti-virus software up to date and do not rely solely on firewall protection.

"Anti-intrusion software should allow systems managers to detect unwelcome activity," he said.

"Pop-up stoppers, designed to prevent additional pop-up windows [including invisible windows] from being launched by an existing window could also be used."

Microsoft said it is assessing the risk but has not yet offered users any advice on the subject.

Full Article: cw360