HackDig : Dig high-quality web security articles for hacker

Fake browser warning your uncle might fall for delivers malicious trojan

2014-12-05 19:20

Hackers have an almost unlimited number of ways to install malware on the computers of unsuspecting people. One of the more effective ones is, paradoxically itself, preying on the fear of being hacked.

A good example is the fake warning above. It's designed to resemble the alerts that Chrome, Firefox, and most other browsers display when a user tries to visit a site known to be malicious. It allows people to visit the site only by clicking a button acknowledging the risk.

In fact, the above warning is generated by attackers pushing ZeuS, a highly malicious computer trojan that steals online banking credentials and makes infected computers part of a botnet that can carry out a variety of other criminal acts. Researchers from PhishLabs who came across the warning still don't know exactly how people encounter the advisory hoax. They were, however, able to track the malware that gets installed when a user falls for it and clicks the update button. It's tied to a ZeuS command and control server.

Exploiting security bugs in Adobe Reader and Flash, Oracle's Java browser extension and Internet Explorer is one of the better known ways attackers take control of end user machines. Social engineering remains one of the most effective techniques. This latest one is likely to bear fruit since the writer's command of English is relatively good and the graphics and layout closely resemble legitimate browser warnings. Its manipulation of end users' well-placed fear of being compromised is a perfect lure for more inexperienced Web surfers, or even for those who are tired, drunk, or just not paying close attention.


Source: ilam-sreviled-rof-llaf-thgim-elcnu-ruoy-gninraw-resworb-ekaf/21/4102/ytiruces/moc.acinhcetsra

Read:1674 | Comments:0 | Tags:Law & Disorder Risk Assessment malware Zeus

“Fake browser warning your uncle might fall for delivers malicious trojan”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud