XPI: 下一个æ¶æ„软件容器?
ä»Šå¤©è¯»åˆ°ä¸€ç¯‡æ–‡ç« ï¼š
XPI: The next malware vector?
有点æ„æ€ã€‚如今的phishing siteå·²ç»è¶Šæ¥è¶Šæœ‰æ„æ€äº†ï¼šç”¨IE访问è¦æ±‚安装ActiveX,使用Firefox则è¦æ±‚安装XPI。也许Firefox的安生日å也没有多久了,也许还有2年?5年?:)
å…¶å®žæˆ‘å’Œè¿™ç¯‡æ–‡ç« çš„ä½œè€…çš„æ€åº¦æ€»ä½“上差ä¸å¤šï¼Œè™½ç„¶XPIçš„malwareå·²ç»é€æ¸å¼€å§‹å‡ºçŽ°ï¼Œä¸€æ—¶åŠä¼šä»ç„¶ä¸ä¼šæˆå¤§æ°”候:
next ActiveX of malware drive-bys? Maybe, but probably not. While the
idea of having a single package to infect multiple operating systems is
very appealing to malware distributors, most will stick to Windows
systems as the primary targets because of the large share of the
desktop market. TriggerInstall isn’t new and has actually been around
for quite a while but hasn’t become a popular method used by web sites.
I think most malware distributors will stick to an "ActiveX or
Executable" delivery method for a little while longer.
ä¸è¿‡å¯¹äºŽä¸€ä¸ªå·²ç»è¶…过了10%的市场å 有率的æµè§ˆå™¨ï¼Œå¦‚果有人写了XPI malware,也将是一个æžå¤§çš„å±å®³ã€‚è§£å†³è¿™ä¸ªé—®é¢˜é™¤äº†ä½¿ç”¨ä¼ ç»Ÿçš„URL过滤的方案之外(毕竟这个网站本身还是一个phishing site,å³ä½¿ä¸æ˜¯ï¼Œè¿™ä¸ªXPIçš„URL也很容易放进malware list),也许一个åˆé€‚的基于æµè§ˆå™¨çš„方案也是å¯è¡Œçš„,例如pattern。
好å§ï¼Œæˆ‘很想把nativeæ“作系统上é¢çš„东西æ¬ç§»åˆ°æµè§ˆå™¨ä¸Šé¢æ¥ï¼Œå¤Ÿç–¯ç‹‚å¦ã€‚