
Published on March 16th, 2011 | by NJ Ouchn


Zscaler Safe Shopping Firefox AddOn v1.0 Released

Zscaler Safe Shopping keeps you safe from fake and compromised stores
Click on the link above to install the plugin.
We're happy to release yet another free Firefox plugin to protect users: Zscaler Safe Shopping. It has been submitted to the official Mozilla add-ons site, but will likely take a few weeks to be approved. In the meantime, you can download it from our site.
Virtually all browsers contain blacklists to prevent users from accessing malicious sites: Google Safe Browsing, Phishtank, etc. These blacklists do not, however, generally block sites that have been compromised for Blackhat spam SEO attacks, HTML/JavaScript injections pulling malicious content from another domain, etc. Rather, they block the malicious pages that hijacked sites redirect to, or pull content from.
This behavior is fine for most websites where you just surf and do not leave any sensitive information. But would you be fine with leaving your personal mailing address, your phone number and your credit card number on a website that is fully controlled by ill-intentioned hackers? How do you know the site you are visiting has not been compromised when your blacklist ignores this type of threat?
The Zscaler Safe Shopping plugin is continually fed information regarding compromised and fake online stores. It warns you when you visit one of these domains. The list of domains is checked and updated regularly via Zscaler's cloud security service.
Compromised stores
A compromised store is a website where one or several groups of hackers have full access to the website. They can add, remove, and modify pages, access the database, etc. This means they could change an order form to get all your shopper information, or get it directly from the store database, or change the payment form to redirect to a phishing site, and more.
We detect these compromised online stores based on several factors that show total control by an outside party. Some of these include:
For regular users, these sites may not show any sign of being hijacked… And that's exactly what the attackers want.
To see a sample warning for a compromised store, go to http://compromised.example.com/ after you install the plugin.
Zscaler Safe Shopping warning for a compromised store
To prevent people from using our list to find compromised stores for malicious purposes, we store the domains in a hash table, rather than in a plain text list.
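A sketch of how a client can check a visited host against a list that ships only as hashes, added here as an illustration and not the add-on's actual code. The SHA-256 choice, the parent-domain matching, and all function names are assumptions; the whitelist mirrors the add-on's whitelist option.

```javascript
// Added example (not Zscaler's code): hashed blocklist lookup with a user whitelist.
const crypto = require('node:crypto');

// Hex SHA-256 of a hostname. The hash function is an assumption.
function hashDomain(domain) {
  return crypto.createHash('sha256').update(domain).digest('hex');
}

// Lowercase the hostname and strip a trailing dot; null if unparseable.
function normalizeHost(input) {
  try {
    const url = new URL(input.includes('://') ? input : 'http://' + input);
    return url.hostname.toLowerCase().replace(/\.$/, '') || null;
  } catch (e) {
    return null;
  }
}

// The host plus each parent domain, stopping before the bare TLD.
function candidates(host) {
  const labels = host.split('.');
  if (labels.length < 2 || /^[\d.]+$/.test(host)) return [host]; // single label or IPv4
  const out = [];
  for (let i = 0; i + 2 <= labels.length; i++) out.push(labels.slice(i).join('.'));
  return out;
}

// hashedList: [hash, category] pairs; whitelist: plain domains typed by the user.
function makeChecker(hashedList, whitelist) {
  const blocked = new Map(hashedList);
  const allowed = new Set(whitelist.map(normalizeHost).filter(Boolean));
  return function check(url) {
    const host = normalizeHost(url);
    if (!host) return { verdict: 'invalid' };
    const names = candidates(host);
    // Assumption: whitelisting a domain also covers its subdomains.
    if (names.some((n) => allowed.has(n))) return { verdict: 'whitelisted', host };
    for (const n of names) {
      const category = blocked.get(hashDomain(n));
      if (category) return { verdict: 'warn', category, host };
    }
    return { verdict: 'ok', host };
  };
}

// Constructed sample list built from the article's two demo hostnames.
const SAMPLE_LIST = [
  [hashDomain('compromised.example.com'), 'compromised'],
  [hashDomain('fake.example.com'), 'fake'],
];
```

Because the client hashes the visited hostname before the lookup, the distributed list never has to contain a readable domain.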
Fake stores
Recently, we've highlighted the number of high-profile, legitimate sites that have been hijacked to lead to fake online stores. These stores often offer up software downloads at highly discounted prices. The downloads are not blocked as malware by Google Safe Browsing, or as phishing sites by Phishtank.
We've found about 100 such fake stores that are still up, and more are showing up every day.
To see the warning for a fake store, go to http://fake.example.com/ after you install the plugin.

Zscaler Safe Shopping warning for fake stores

Zscaler Safe Shopping options

You can customize Zscaler Safe Shopping via the following options:

  • Whitelist: do not show a warning for a list of user supplied domains
  • Blacklist download interval: how often should the plugin download the new list of compromised and fake stores
Zscaler Safe Shopping preferences
In addition to the option menu, Zscaler Safe Shopping adds an icon to the status bar, at the bottom of the browser. This allows you to turn the plugin on and off with a click of the mouse, without having to restart Firefox. The icon turns gray when the plugin is disabled.
Zscaler Safe Shopping status bar
This plugin is a good addition to our Search Engine Security add-on to keep Firefox users safer.
If you find any problem with this add-on, please let me know at jsobrier@zscaler.com
