LabZero
Thread author
Hello,
A few days ago I was surfing a known site when the following bar appeared:
(Java update required)
Now, what happens if I go to download the (fake) Java update?
An executable is downloaded, which the user must then start. It looks like it is installing the update, but it actually tries to install a lot of dubious utility software: bars, changed search engines, advertising added to navigation and who knows what else.
A nice business, right?
It does not pass a VirusTotal scan as harmless, though:
https://www.virustotal.com/it/file/...9f40739052d1307b9b61da2e/analysis/1430493437/
What I wanted to bring to your attention is the quality of the social engineering that is offered to users: a bar very similar to that of Firefox/Chrome for installing some crazy plugins or, in this case, a fake Java update.
Now, I think an average user presses that button quite often, but with appropriate changes?
• a decent language
• direct file download
• possibly FUD malware (Fully UnDetectable, undetectable by antivirus)
Planted on often-visited sites, it would lead to a good load for any exploit kit:
HTML code
Conclusions
Social engineering is the act of manipulating a person to gain access to your sensitive data, and it is one of the leading information technology and internet crimes.
The user is the weakest link in the chain of security measures: human beings not only make mistakes, but they are also vulnerable to targeted attacks by individuals hoping to convince them to give up sensitive data.
The best defense against these attacks is the awareness that no one gives you anything for nothing, and hence distrust of everything that is unknown.
It is important to always stay informed about what is being offered or promised and to think, while also becoming accustomed to recognizing deceptions.
Regards