Sunnyvale, California, March 1, 2011
Zscaler today released SafeShopping, a free Firefox plugin that consumers can download from https://www.zscaler.com/safeshopping.html, which will protect them from fake and compromised online stores.
The number of compromised and fake online stores is growing, and unsuspecting users are falling victim to such sites every day. When end users attempt to purchase goods from such sites, they are giving away sensitive information such as credit card numbers. Zscaler SafeShopping is a free Firefox plugin, which warns users when they visit one of the suspect domains. Zscaler SafeShopping is continually updated, via the Zscaler cloud security service, whenever new compromised or fake online stores are identified.
Virtually all browsers contain blacklists to prevent users from accessing known malicious sites: Google Safe Browsing, Phishtank, etc. However, these blacklists do not generally block sites that have been compromised. Rather, they block the malicious pages that hijacked sites ultimately redirect to. This behavior is fine for most websites where you just surf and do not leave any sensitive information. However, in the case of shopping and commerce sites, where a user leaves a mailing address, phone number and credit card details, this type of blocking is not sufficient. These types of commerce attacks are successful because users often have no idea that the site they are visiting has been compromised, or is a scam built by ill-intentioned hackers.
“Attackers are constantly adjusting their tactics and traditional security controls are failing to keep up,” said Julien Sobrier, senior researcher at Zscaler labs and developer of the new SafeShopping plugin. “As blacklists have improved their detection of traditional attacks such as fake antivirus campaigns, attackers are now shifting to fake and compromised storefronts, which are not being detected by the browser.”
According to Michael Sutton, VP of Security Research, "Users have grown comfortable with online commerce. What they don’t realize is that lesser-known online stores can become compromised, often due to known vulnerabilities in popular technologies that have not been patched by the merchant. When this occurs, while the store itself may be legitimate, attackers could have access to the back end database."
SafeShopping is freely available to everyone and can be downloaded from https://www.zscaler.com/safeshopping.html.
Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.
Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.
- Zscaler Security Research
- Zscaler Security as a Service
- Award-winning Web Security
- World’s First Next Generation Cloud Firewall
- Sandboxing and Behavioral Analysis
Director of Communications