The link that could crash Google Chrome!

A few weeks ago there was a link released to the public that could crash Google Chrome. It looks like this: http://a/%%30%30

Note that this URL does not crash other browsers like IE, Edge or Firefox due to the way those browsers handle the URL.

The Basics

You cannot type certain characters into a URL, because they have special functions or are just unsupported. To make up for this, browsers treat a percent sign followed by a two-digit hexadecimal number as an encoded character, which they decode to get the “real” URL. To understand why Google Chrome crashes, we must first decode the URL.

Decoding the URL

At the end of the URL is this: %%30%30 – %30 gets decoded to 0. It is the same 0 that you would type with your keyboard, and so, we have this: %00. If we decode it again, the %00 gets decoded to a NULL character, which is an invalid character for URLs.

Note that if you had just typed http://a/%00 the browser would detect it as an invalid URL and the bug would not work.

However, in Google Chrome, the URL is marked as safe to use before the decoder is run a second time. Therefore, when Chrome tries to connect to that address, it fails and realises that the URL is invalid. This (for an unknown reason) causes Google Chrome to pop up a window saying “Something has gone terribly wrong here…” and kills Google Chrome.
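To make the ordering problem concrete, here is an added example (my own sketch, not Chrome's code) that decodes the path from the URL above one pass at a time and compares a check that runs after a single decode with one that decodes until nothing changes. All function names are hypothetical, and `canonicalize` is just one way to arrive at the same `%2500` form as the fixed Chrome.

```javascript
// Constructed input: the path part of the URL discussed above.
const CRASH_PATH = "/%%30%30";
const HEX_ESCAPE = /%([0-9A-Fa-f]{2})/g;

// Decode every valid %XX escape exactly once; a '%' without two hex digits stays as-is.
function decodeOnce(s) {
  return s.replace(HEX_ESCAPE, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

const hasNul = (s) => s.includes("\u0000");

// Flawed order: validate after a single decode, although a later stage decodes again.
function passesSinglePassCheck(path) {
  return !hasNul(decodeOnce(path));
}

// Stricter: keep decoding until the string stops changing, reject NUL at any stage.
function passesFixedPointCheck(path, maxRounds = 8) {
  let current = path;
  for (let i = 0; i < maxRounds; i++) {
    const next = decodeOnce(current);
    if (hasNul(next)) return false;
    if (next === current) return true;
    current = next;
  }
  return false; // still changing after maxRounds: treat as invalid
}

// Canonical form: escape stray '%' as %25, then decode only unreserved characters.
function canonicalize(path) {
  const escaped = path.replace(/%(?![0-9A-Fa-f]{2})/g, "%25");
  return escaped.replace(HEX_ESCAPE, (m, hex) => {
    const ch = String.fromCharCode(parseInt(hex, 16));
    return /[A-Za-z0-9._~-]/.test(ch) ? ch : m;
  });
}

console.log("first decode :", JSON.stringify(decodeOnce(CRASH_PATH)));
console.log("second decode:", JSON.stringify(decodeOnce(decodeOnce(CRASH_PATH))));
console.log("single-pass check passes:", passesSinglePassCheck(CRASH_PATH));
console.log("fixed-point check passes:", passesFixedPointCheck(CRASH_PATH));
console.log("canonical form:", canonicalize(CRASH_PATH));
```

The canonical form is stable: running `canonicalize` on its own output returns the same string, so the check and the code that later uses the URL see identical bytes.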

Summary 

When this URL was released to the public, I tested it with my browser that I am currently developing. My browser crashed as well. xD

I have fixed it if you were wondering 🙂

If you are reading this, the bug has already been fixed in Google Chrome. Chrome now changes the URL to http://a/%2500 to prevent crashes.

The Different Types of Malware

A few people asked me to do this, so here it is! 🙂

Trojans

Trojans are malicious software usually designed to steal confidential data from a victim. There are different types of trojan, each designed to perform a specific job. Usually they come with a keylogger to record every key pressed on a victim's computer to steal usernames, passwords and other important information.

  • Banking trojans are designed to steal money from someone's bank account by manipulating bank websites to send money from a victim's bank account to the attacker's.
  • Trojan downloaders are designed to download updated malicious code to the computer, potentially allowing someone to control your computer. This is known as a backdoor.
  • Trojan horses pretend to be legit and safe software, but when the user downloads and runs them, they perform a malicious action on the victim's computer.
  • Other types of trojans can be simply created for fun or to annoy the user.

Trojans can sometimes be downloaded automatically through websites that have either been compromised or contain malicious code. This is known as a drive-by download.

Worms

Worms install themselves once to a computer, and then look for another computer to infect. Usually, worms spread through networks or Wi-Fi connections.

However, email worms require the user to activate them instead of spreading automatically: you have to run the worm before it can spread. In most cases, once you activate the worm’s payload, it will spread by itself using your contact lists in Outlook.

One example of a Network Worm would be the Sasser worm created by Sven Jaschan. An example of an Email Worm would be the Kiray worm, which you can see here.

Viruses

Viruses are designed to infect applications and documents on a disk and travel autonomously from computer to computer. Some of them do this by inserting their code into other documents; these are known as injectors. When the infected document is opened, the virus is activated and it spreads once again. Other viruses literally copy themselves everywhere on your hard drive, while others hide themselves amongst your portable devices, documents and system files.

Viruses are usually very noticeable and can be seen easily using the Windows Task Manager or similar applications.

Rootkits

Rootkits are notorious for their ability to hide themselves amongst system files. Rootkits also have a few of the characteristics of worms, which can lead to people confusing a worm for a rootkit. Like worms, rootkits can also spread via network connections; however, the main job of the rootkit is just to hide and spread. Because rootkits can hide themselves with system files, it is extremely hard for anti-malware programs to detect rootkits, thus making them more likely to activate their payload successfully.

Adware

Adware is probably the simplest of all malware. Adware simply causes annoying advertisements to pop up on a victim's computer. Adware does not spread, therefore making it possible to categorise it as a trojan. Adware can surprisingly be annoying to detect, as it usually performs its malicious actions indirectly through web browsers such as Internet Explorer or Google Chrome.

Ransomware

Ransomware is a type of malware designed to block access to certain things on a computer and then demand money to unblock them. There are 2 types of ransomware.

  • Crypto-ransomware is designed to encrypt documents and pictures, and demand money from the user in exchange for a decryption key. This type of ransomware succeeds very easily, especially if a business is infected.
  • Locker-ransomware is designed to lock certain devices (such as phones or tablets) and then demand credit card information or money to unlock the device.

Since the early 2000s, crypto-ransomware has been used more successfully to target businesses than locker-ransomware. One example of this would be the CryptoLocker ransomware. The creators of that piece of ransomware have earned several hundreds of thousands of dollars (US) due to the widespread infection of computers with their ransomware. Ransomware often comes with anti-debugging features, making it harder for malware researchers to look for vulnerabilities or ways to disable it.

Spyware

Spyware is designed to spy on the victim's computer tasks. Like trojans, spyware does not spread and usually comes with a keylogger. Spyware is also notorious for the ability to hijack a victim's webcam, which is why you should never have a camera near you when getting changed or in the shower.

Note that spyware can automatically turn on the webcam, without the user's permission.

Exploits

Exploits are bundles of malicious code that are designed to use vulnerabilities in other software to their advantage. Like trojan downloaders, exploit kits usually download and install other pieces of malware onto the victim's computer.

Most of the time, exploit kits download ransomware onto the user's computer. Exploits are usually found in Microsoft Word documents, PDF files or even compromised webpages. Moreover, exploit kits are occasionally sent to victims via email.

Hybrid Malware

Hybrid malware is 2 or more different types of malware combined in one application or webpage, allowing cyber-criminals greater flexibility in their method of infection, payloads and spreading. Anti-malware programs sometimes find that removing hybrid malware can be tricky, because of the malware's complexity and/or anti-debugging features.

Different forms of malware

Forms of malware include scripts, Word documents, webpages, PDF documents, applications and more.

Anti-malware programs

You can protect yourself against many types of malware by using Kaspersky Internet Security. You can also protect yourself against exploits using Malwarebytes Anti-Exploit.

There are many reviews and comments about both of those products, so go check them out!

Summary

This took a VERY long time to write, and a lot of research.

Note that many tutorials/fact videos on YouTube are not very reliable. When researching malware, please make sure you get your facts from a reasonably professional source (Example: ThreatPost or Kaspersky Lab) to ensure that you are getting the right information and not some computer noob telling you that everything is a virus 😉

If I missed any type of malware, please tell me on Twitter here

Sources

Kaspersky Lab:

https://kaspersky.co.uk

https://securelist.com

ThreatPost:

https://threatpost.com

Britec09:

http://www.briteccomputers.co.uk

https://youtube.com/user/Britec09

Others:

ThePCSecurityChannel

MaxCyberDefense

Danooct1

Malwarebytes