Posted by: Dave Bateman
malicious script, Malware, tabnapping
It seems like as soon as one computer vulnerability is corrected, another one pops up. I just heard of one that is pretty clever. It is totally unbiased – it can target just about anyone that uses a web browser.
One very popular feature of web browsers nowadays is the ability to have multiple tabs open. This way, you don’t need to close one website to visit another, you simply open a new tab. After a long session of surfing, you may find yourself with several open tabs. One concern is that if you have a number of tabs open, you may forget what tabs are active and walk away from your desk while logged in to, for example, Gmail or Facebook. Because of this, many websites automatically log you out of their site after a certain amount of time in which no activity is detected. When you return to the tab, you are asked to log back in. I am sure this has happened to most of you reading this article. This is the very situation that this new threat depends on.
This new threat is called tabnapping. It works by having a malicious script run and open a tab in the background. The tab is labeled so that it looks like a website you may visit often, such as Facebook or Gmail. When you click on the tab, you see a web page that looks like the login page for that service, but is actually a malicious page that records your username and password.
Normally, browser vulnerabilities are specific to a certain brand of browser, but currently most browsers seem susceptible to this vulnerability. So, until there is a fix for this, whenever you end up at a login page that you don’t remember opening, it is best to close the site and manually enter that site’s address.
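The advice above comes down to comparing what a tab's label claims with the host actually shown in the address bar. The following is an added example, not part of the original post, that performs that comparison; the brand list, hostnames and function names are assumptions constructed for illustration.

```javascript
// Constructed allow-list: which hosts may legitimately show each brand's login page.
const KNOWN_LOGINS = [
  { brand: "gmail", hosts: ["accounts.google.com", "mail.google.com"] },
  { brand: "facebook", hosts: ["facebook.com"] },
];

// True when host is exactly `allowed` or a subdomain of it.
// The match is made on a label boundary, so "facebook.com.evil.example"
// does not pass as "facebook.com".
function hostMatches(host, allowed) {
  return host === allowed || host.endsWith("." + allowed);
}

// Classify a tab from its label (title) and its address.
// "unknown"    : the label names no brand on the list
// "ok"         : the label names a brand and the host belongs to it over HTTPS
// "suspicious" : the label names a brand but the address does not back it up
function checkTab(title, url) {
  const label = title.toLowerCase();
  const claimed = KNOWN_LOGINS.find((entry) => label.includes(entry.brand));
  if (!claimed) return "unknown";

  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return "suspicious"; // address cannot even be parsed
  }
  if (parsed.protocol !== "https:") return "suspicious";

  // URL() lowercases the host, converts lookalike Unicode names to punycode,
  // and separates any "user@" prefix from the real host.
  const host = parsed.hostname.replace(/\.$/, "");
  return claimed.hosts.some((h) => hostMatches(host, h)) ? "ok" : "suspicious";
}
```

A label and favicon are chosen by the page itself, so only the host in the address is evidence of where a password would be sent.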