New Malware Imitates Browser Warning Pages 143
Jake writes with this excerpt from Ars:
"Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before. Beyond the warning pages, the actual malware looks like the real deal: it allows you to scan files, tells you when you're behind on your updates, and enables you to change your security and privacy settings. Performing a scan results in the product finding malicious files, but of course it cannot delete them unless you update, which requires paying for the full version. Attempting to buy the product will open an HTML window that provides a useless 'Safe Browsing Mode' with high-strength encryption. To top it all off, the rogue antivirus webpage looks awfully similar to the Microsoft Security Essentials webpage; even the awards received by MSE and a link to the Microsoft Malware Protection Center have been copied."
Themes (Score:5, Insightful)
All the more reason to theme your window manager - it makes this stuff obvious.
Why is this new? (Score:4, Insightful)
There's plenty of rogue/fake AntiVirus programs [wikipedia.org] out there. Is the new part that they imitate your browser rather than looking like a real anti virus program?
Bit of Advice (Score:3, Insightful)
You spend all this time writing this creative software (malware)...
Try fracking finding someone who can proofread your english; it's abysmal and frankly embarrassing. I realize it is not your native language but this lack of attention to detail is exactly the reason you find yourself writing malware in the first place ... oh and why the only people you manage to trick into this are on the bottom side of the intelligence bell curve.
Re:Bit of Advice (Score:2, Insightful)
"oh and why the only people you manage to trick into this are on the bottom side of the intelligence bell curve."
So... 99% of the people that own computers?
Re:Security Fix Schedule (Score:3, Insightful)
> Firefox will have it fixed within hours.
> Chrome will have it fixed within days.
> Microsoft will issue a patch with in months.
Apple will ignore it.
Re:Bit of Advice (Score:3, Insightful)
oh and why the only people you manage to trick into this are on the bottom side of the intelligence bell curve.
I disagree with this line entirely.
Sure, those of us at Slashdot may realize the obvious attempts at breaching our computers safety, but not everyone realizes they need to distrust and scrutinize every little thing they come across, especially when it looks like a very legitimate message from the browser itself (English errors notwithstanding). Even still, that doesn't make the completely stupid, just naive.
Re:Not new... (Score:3, Insightful)
Imitating warning pages or other elements of the UI is not a new tactic.
Perhaps browsers could be developed to use some feature that 3rd party pages couldn't easily duplicate? It might not be practical to use colors/effects etc not supported by standard browser features, but maybe a browser could be designed to display some preset USER SPECIFIC DATA or graphic that javascript and other net-driven browser code does NOT have access to?
What about us? (Score:3, Insightful)
What about Safari and Opera users?
Re:Not new... (Score:3, Insightful)
Actually, it's a very, very good troll that brings up some interesting points, so I'll bite.
The thrust of your argument is that older and/or non-company vended net software is dangerous when it comes to picking up viruses. There's an element of truth in that, a regularly patched system, be it *nix based or Windows is generally a good idea. This is, however, a different thing to having every possible update just for the sake of it. If I installed Windows and iTunes on my system simply because I *might* want to use them, or because everybody else has it, or because I saw an advert, then I'm opening myself up to new potential avenues of attack. Let's presume I only want to read the text on the internet....no pictures, no video, no Silverlight or whatever the latest thing is....I'd use a very bare-bones system, say Lynx running without a GUI, PDF support etc.
If there's nothing running scripts at a system level, for example no JS, Flash, Java plugins and the like, then that's multiple attack routes taken care of. Sure, the modern internet is very snazzy and all, but being able to "install and run our video codec" is asking for trouble if you just want to look at naughty ladies. Less is often more.
Re:Security Fix Schedule (Score:5, Insightful)
That'd be the day - when a browser developer can issue a patch for human stupidity.