Malware authors target Google Chrome

Status
Not open for further replies.

jamescv7

Level 85
Thread author
Verified
Honorary Member
Mar 15, 2011
13,070
Every time I write about Internet Explorer, it’s usually a matter of minutes—sometimes even seconds—until someone in the Talkback section proclaims, smugly, that they’ve switched to Google Chrome or Firefox and are therefore immune from malware attacks.

They’re wrong, and malware authors have begun preying on users of alternative browsers to push dangerous software, including Trojans and scareware. The problem is that most malware attacks aren’t triggered by exploits that target vulnerabilities in code. Instead, according to one recent study, “users are four times more likely to come into contact with social engineering tactics as opposed to a site serving up an exploit.”

I found a perfect example yesterday, thanks to an alert from Silverlight developer Kevin Dente. He had typed in a simple set of search terms—Silverlight datagrid reorder columns—at Google.com, using the Google Chrome browser on Windows. You can follow along with what happened next in the screenshot gallery that accompanies this post.

Zdnet
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
I came across this sometime last week:
http://malwaretips.com/Thread-Fake-Security-scan-in-Google-Chrome

They should make their idea of this more strict, like SmartScreen in IE9:
http://malwaretips.com/Thread-Google-Chrome-and-Chromium-add-protection-against-malicious-downloads
 

bogdan

Level 1
Jan 7, 2011
1,362
People need to distinguish between an exploit in a browser and this social engineering type of attack. There is no bug in chrome being exploited here. It is just a social engineering attack that happens to use the words "Google Chrome". It doesn't matter what browser you use, if you fall for this kind of "tricks". My opinion on what makes a browser secure: how fast the author reacts to newly discovered bugs. Consider this, when choosing your browser.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Bogdan, do you think these Social Engineering attacks first detect what web browser you are using then load the "appropriate-looking" fake scanner to match the browsers appearance?
 

bogdan

Level 1
Jan 7, 2011
1,362
That is absolutely possible because every browser has a userAgent string. It can be used to identify your browser and an example of using it for the right purpose is making sure that the page is displayed correctly under some browsers.
 

jamescv7

Level 85
Thread author
Verified
Honorary Member
Mar 15, 2011
13,070
Well malware writers know that many users are using Google Chrome thus they are targeting with fake scanner google chrome page.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top