Endpoint Protection

 View Only

Misleading applications: How they fool the endusers. 

Jun 25, 2009 04:27 AM

Misleading applications are applications that pretend to do one thing while doing another. A good example are rogue security softwares that decieves or misleads the user into thinking that there are security issues with the computer he or she is currently using and requires the installation of software to remove the “threat”.

They usually use the web browser pop-up and make the user think that this is their Explorer and then shows that it is being scanned. Previous versions just show a small pop-up (similar to when you do something with files, except this one pretends to scan)

I've come upon this at home while surfing the internet. The current websites open are Facebook, Youtube, and Google (3 of the most visited sites in the world). Everybody I know visit this page every now and then and I'm pretty sure there are no malwares in their sites. So there I was, looking into my profile and noticed that one of my friends became a fan of someone. So I moved over to see what the fuzz is all about. Then a few seconds later a new tab opened and shows what seemed like a software scanning my supposed directory. After it finished scanning, it then told me that my computer is infected with threats.

So what did I do? Naturally, I tried to humor myself and let it run for a few minutes while laughing out loud. By the way, please don't try this unless you are prepared for the consequences.

imagebrowser image




It seems to find malwares in places that doesn't exist. I know how I setup my computer and I know there are no files like that on my PC. Plus the drive letters are all wrong. Anyway, what you see in the picture is a webpage trying and failing to bypass the web browser to show the page as a full screen instead of just being in a tab. Also, notice the titlebar on the small pop-up. When I move the pop-up question, it disappears under the tab buttons so I know that it is part of the web page. After finished “scanning”, it gave me a report of the malwares present and gives me the option to Remove or Cancel.

So what did I do next? You've guessed it. I clicked on the equivalent of 'yes'.


imagebrowser image


So the download begins. The makers of this software is good enough to add a script that would automatically execute the file upon completion of the download. But then, my PC doesn't know what to do with the file. It is at this point that I got bored and cancelled:


imagebrowser image


It just comes back again and again. This is where they got me. I cannot stop the pop-up from coming back. I cannot close the tab. And finally, when I closed the browser window and reopened it, all the toolbars are gone! Oh well, just delete a file that saves the last view/configuration of the software and things were back to normal. Yey!

In the corporate world, administrators want to be in control of the PCs in their network. And we should be. It is our heads that's on the line when it comes to the integrity of the system. Users who may not have access to the AV for our fear of them disabling them would think that there is no AV installed since we've hidden that icon and they probably don't even bother looking it up in the Progams. And clicking on these supposedly anti-malwares to install is their ethical thing to do. They'd probably just see what appears to be just their file explorer running with an AV looking into their system and finding all these nasty things in it. Some malwares would also give them the impression that it is finding things that your current AV cannot. Blocking these websites or keywords would only work for a little while until these companies get a new name and webhosting and go at it again.

Aside from having antivirus softwares installed and strictly updated. For the endusers to be aware of this other than the information for their awareness, maybe allowing them to change their desktop and explorer appearances or have your company replace the default appearance with a non-standard one would add another layer, though an extremely thin one, of protection. If an explorer shows up with their non-preset text and color schemes, it should give them cause for alarm. I cannot be certain on the countermeasures for this as I cannot control what each of the endusers does to their PCs. Progammers of misleading applications always finds new ways to fool users and sooner or later, they're probably be good at it to fool enough users in your network to cause major problems. Just be glad that they haven't copied the appearances of well known AVs in the market and be able to get away with it...or have they.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Jun 27, 2009 10:00 AM

Thanks for the comments.

I did try to entertain one of those money laundering scams, the one with the girl seeking refuge to another country. Even when I said no in my most kindest way, the fact that I'm returning emails probably gave them the idea that I was interested. But I have long since deleted those emails. :)

Jun 26, 2009 10:45 PM

This is very helpfull...
your experience real pays off..
thanks...

Jun 25, 2009 11:18 AM

I think we'll probably find more of this in the future, as the "scam" of routing money from tim-buck-to, to the US, is fairly well known at this point....

Eric

Jun 25, 2009 04:33 AM

Did some minor editings. Realigned the pictures. I just found how to edit the blog posts just today. :(

Related Entries and Links

No Related Resource entered.