Zscaler Safe Shopping - Stay Protected Against Compromised Or Fake Stores Online

We're happy to release yet another free Firefox plugin to protect consumers online.

Introducing Zscaler Safe Shopping

This product has been submitted to the official Mozilla Add-ons sites, but will likely take a few weeks to be approved. In the meantime, you can download it from our site.
 

Zscaler Safe Shopping Add-on Installed

Why do you need Zscaler Safe Shopping?

Virtually all browsers contain denylists to prevent users from accessing malicious sites: Google Safe Browsing, Phishtank, etc. These denylists do not however, generally block sites that have been compromised by malicious spam SEO attacks, HTML/JavaScript injections that pull malicious content from another domain. Rather, they block the malicious pages that hijacked sites redirect you to - or pull content from.

While this is fine for most websites, assuming you simply surf and do not input any sensitive information anywhere, but would you be okay with giving your personal mailing address, phone numbers and  credit card information to a website that is fully controlled by ill-intentioned hackers? The problem is, how do you know whether the sites you are visiting have not been compromised or not when your tools ignore these types of threat?

Zscaler Safe Shopping is continually up-to-date, via the Zscaler cloud security service, on compromised and fake online stores. It warns users when they visit one of the suspect domains.
 

Compromised stores

A compromised store is an e-commerce website where one or several groups of hackers has full access and can add/remove/modify pages, access the database, etc. This means they can change an order form to get all shopper information, or get data directly from the store's database;  they can even change a payment form and redirect you to a a phishing site.

Zscaler detects compromised online stores based on several factors that demonstrate total control by an outside party by becoming aware of:

• The presence of a backdoor that may allow anyone to control the site, as shown in the "Hot Video" pages: analysis of an hijacked site (Part III) blog;
• Spam SEO pages;
• Identified JavaScript/HTML injection;
• and more.

For regular users , these sites may not show any sign of being hijacked, - and that's exactly what the attackers want.

To see a sample warning of a compromised store, go to http://compromised.example.com/ after you install the plugin.
 

Zscaler Safe Shopping Warning - Compromised store

To prevent people from using our list to find compromised sites for malicious purposes, we store the domains as a hash table, rather than as plain text list.

Fake stores

Recently, we highlighted the number of high profile, legitimate sites, that have been hijacked to lead to fake online stores. These stores offer up software downloads at highly discounted prices. The downloads are not blocked as malware by Google Safe Browsing, or as phishing sites by Phishtank.

We've found approximately 100 such fake stores. Those numbers are still high, with more are coming every day.
 

Fake Online Store

To see the warning for a fake store, go to http://fake.example.com/ after you install the plugin.
 

Zscaler Safe Shopping Warning - Fake Stores

Zscaler Safe Shopping Options

You can customize Zscaler Safe Shopping via the following options:

• Allowlist: do not show a warning for a list of user supplied domains
• Denylist download interval: how often should the plugin download the new list of compromised and fake stores

 

Zscaler Safe Shopping Preferences

In addition to the option menu, Zscaler Safe Shopping adds an icon to the status bar, at the bottom of the browser. This allows you to turn the plugin on and off with a click of the mouse, without having to restart Firefox. The icon becomes gray when the plugin is disabled.
 

Zscaler Safe Shopping Status Bar

 
We'll release updates to Zscaler Safe Shopping in the coming days and weeks as we get feedback from users. Don't hesitate to report any problems or submit question as a comment to this blog, or contact me directly at [email protected]. This plugin is a nice addition to our Search Engine Security (SES) add-on to keep consumers safer online.

 
Shop Safely!

-- Julien