Title :
Botnet with Browser Extensions
Author :
Liu, Lei ; Zhang, Xinwen ; Chen, Songqing
Author_Institution :
Dept. of Comput. Sci., George Mason Univ., Fairfax, VA, USA
Abstract :
Botnets are responsible for many large scale organized Internet attacks today. Along with the fight between botnet developers and defenders, the battle field has significantly evolved from traditional centralized IRC to various new approaches, aiming to make bots and command and control channel more and more stealthy. In this work, through prototype implementations, we demonstrate that browser extensions are a very effective botnet vehicle with very large installation base and the capability of accessing rich sensitive user data in the browser. The automatic update mechanism of browser extensions further offers a stealthy command and control channel between bots and a botmaster. Compared to many others, extension-based bots are more stealthy and harder to defeat since all mainstream browser architectures provide rich APIs for browser extensions to enrich users' browsing experience with insufficient consideration of malicious extensions. Via both an IE add-on and a Chrome extension, we show that attacks like email spamming, password sniffing, and DDoS are trivially feasible. Our study shows that an effective scheme is imperatively demanded to mitigate such threats.
Keywords :
Internet; computer network security; online front-ends; security of data; API; Chrome extension; DDoS; IE add on; botmaster; botnet; browser extensions; centralized IRC; email spamming; installation base; large scale organized Internet attacks; password sniffing; rich sensitive user data; Browsers; Command and control systems; Electronic mail; Internet; Security; Servers; Web pages; Chrome extensions; IE add-ons; bot; command and control channel;
Conference_Title :
Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third International Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4577-1931-8
DOI :
10.1109/PASSAT/SocialCom.2011.25