Tuesday, March 30, 2010

Browser payloads

I was innocently (honest!) browsing the vastness of the internet, when I came across an interesting page.

It displayed Windows XP like alerts, "Windows Security Alert" in all the colourful WinXP crayola themed glory and then proceeded to pop up another realistically rendered "window" which simulated a scan throughout my vulnerable Windows system. Yes, the windows were drag-able.

It looked something like this:

Then my Firefox browser popped up a dialog to confirm if I wanted to download and run a delicious "packupdate_build6_318.exe" file to patch up my now severely insecure operating system:
Fortunately Im abit more technologically aware of these scams. Fortunately I know that when Windows alerts you of something, you have to be doubly aware of things.

But what about the rest of the world? The vast majority of people who would be fooled by this cleverly rendered HTML/CSS/JavaScripted page? At the threat of "Security has been damaged by virus[sic]", a large number of people will want to eradicate the pesky virii. Thus, a high percentage who would click on "Run Application" after downloading.

So if you are the so-called "Tech Support" for your family/relatives/friends (its a thankless job), you could save yourself alot of headache by educating your "users" about these threats. Change the default theme to something different. Install a net-nanny. Install a real Anti-Virus app (or two) which is updated frequently. Lock down the users' permissions. Boot read-only. Charge by the minute. Ban the user from computers.

Alternatively, you could get them to run Linux.


2 lewsers:

yazid said...

Sort of smitfraud as I can see, yet many users unable to recognised this is as a pure thread. Can we say that we are safe because we are running on linux?

Sze Siong said...

You are a hardcore linux user. Looks like u don't have any windows boxes at home =)