The way this entire operation works is by crooks buying ads on legitimate websites. The attackers insert malicious JavaScript in these ads, which use a WebRTC request to a Mozilla STUN server to determine the user's local IP address.
Another reason to avoid WebRTC
-
- Astronaut
- Posts: 650
- Joined: 2015-07-30, 20:29
- Location: Vaughan, ON, Canada
Another reason to avoid WebRTC
From https://www.bleepingcomputer.com/news/s ... r-browser/ which ended up on Slashdot. Javascript in malware 3rd-party ads uses WebRTC to determine the computer's local IP address behind the router/modem, and uses that info as part of attack against the router/modem. It's not just privacy, it's security, too.
There's a right way
There's a wrong way
And then there's my way
There's a wrong way
And then there's my way
Re: Another reason to avoid WebRTC
I have seen more damn hits on my WordPress blog from infected routers it's unreal! And I bet these people wonder why their speed is horrible.
Re: Another reason to avoid WebRTC
I have been running my browser without WebRTC for a while with the aid of this link: https://browserleaks.com/webrtc#webrtc-disable
Would that help if one doesn't use an AD blocker?
Would that help if one doesn't use an AD blocker?
Re: Another reason to avoid WebRTC
What?
Blocking WebRTC doesn't replace a ad blocker.
Blocking WebRTC doesn't replace a ad blocker.
Re: Another reason to avoid WebRTC
If you are running Pale Moon, then you are running your browser without WebRTC, because Pale Moon does not include WebRTC.John connor wrote:I have been running my browser without WebRTC for a while with the aid of this link:
Nichi nichi kore ko jitsu = Every day is a good day.
Re: Another reason to avoid WebRTC
dark_moon wrote:What?
Blocking WebRTC doesn't replace a ad blocker.
Apparently the IP address is retrieved using WebRTC in the AD.
Re: Another reason to avoid WebRTC
The attack described in the article linked in the first post in this thread involves malicious JavaScript that triggers WebRTC to send the user's IP to a control server, and the JavaScript is embedded in an ad. So either blocking ads -or- having WebRTC disabled would shut down this particular attack.dark_moon wrote:What?
Blocking WebRTC doesn't replace a ad blocker.