Hacker Mind Tricks Increasing Malware Downloads

 Pages 1 2 3 NEXT
 

Hacker Mind Tricks Increasing Malware Downloads

image

Microsoft has found that downloads of malicious software are increasing due to psychological trickery, not hacking skill.

Through research revolving around customer use of Internet Explorer, Microsoft has determined that 1 in 14 downloads today are of a malicious nature. In other words: trojans, spyware, malware, and any other term used to describe programs that screw with your computer. In the past, one might have blamed these downloads on vulnerabilities in web browsers, but according to Microsoft most of it ends up being approved by users themselves through hacker mind tricks.

They're called "social-engineering attacks," and just about anyone using the internet has probably been hit by one. Instead of uploading malware to your computer just by visiting a website, these attacks will actually get you to be an accomplice just by messing with your mind.

For example, you visit a website and a window pops up saying: "Your computer is at risk! Press yes to scan using Malware Cleanser 3.5!" In reality, pressing yes downloads a malicious program that isn't trying to help you at all, and will haunt your coming days and weeks unless you're lucky enough to figure out how to delete it.

Microsoft and other companies are building databases to help warn customers about this type of download, but it's basically a neverending battle. It might seem worrying, but user-downloaded malware is actually pretty easy to avoid if you know what you're doing. The rule of thumb is to never trust anything on the internet ever, especially when it involves clicking "Yes."

Source: Microsoft Blog

Permalink

Tom Goldman:
Microsoft has found that downloads of malicious software are increasing due to psychological trickery, not hacking skill.

Social Engineering is very much a hacking skill. In fact, one of the worlds most prominent hackers, who was arrested in a high-profile case in the 90's, Kevin Mitnick, relied *heavily* on Social Engineering to do his hacks.

This just in people are stupid.

People fall for this stuff? I thought it was all pretty obviously malarkey.

This is what makes me cringe on an almost daily basis. It boggles the mind when I turn up to work to find Porno-Ad-View-Plus or some shit knowingly installed on a machine used with kids just because it came with a free MP3 playing piece of software.

*waves hand*
You will download this program to scan your computer for viruses.

It's really just a matter of being practical, but we all learn better by experience than just being told. First real step to protect yourself, back up your personal data separate from your main drive. Most malware doesn't look beyond the C: drive where the juiciest bits are expected to be.
Interesting that this comes up with the Live service starting to get hit with phishing scams. It's good awareness and advice to bring up, but also smells like Microsoft wants to protect its butt.

Dulcinea:
People fall for this stuff? I thought it was all pretty obviously malarkey.

It's pretty obvious to experienced users, but there are new users popping up everyday. There are enough of them to keep the savannah stocked with easy prey. It sits on us stronger lions to help those new to the internet so they can avoid being caught with malware.

samsonguy920:

Dulcinea:
People fall for this stuff? I thought it was all pretty obviously malarkey.

It's pretty obvious to experienced users, but there are new users popping up everyday. There are enough of them to keep the savannah stocked with easy prey. It sits on us stronger lions to help those new to the internet so they can avoid being caught with malware.

Very true.

I hate hackers. Seriously. Leave people alone.

This is news? I thought everyone who was computer literate knew that clicking "Yes" was a bad thing.

I say never even click on yes. Just find a way to shut down the browser without clicking on anything is safer, atleast from my experience. :)

"Are you sure you want to close the browser?"
HELP!

MaxPowers666:
This just in people are stupid.

Any one who gets a virus from one of those deserves it lol. Unless it is some kid who doesn't know any better you'd think everyone on the planet knows not to go to that site.

I clicked yes once.
I facepalmed hard a few seconds later.
(It was disguised as norton very well)
Fixed it though within an hour :D

My kids got this crap on my pc yesterday. It was the "vista antivirus 2011" thing, and while reading on a website on how to fix this, there was some old dude who posted saying he bought the vista antivirus so things should be better soon...Poor guy, don't know how he got passed all the stuff on the site about the fake program or how to kill it to coment that he bought fake program...people told him he was screwed but I assume he was long gone. No other posts from him.

I always say no.

Good thing I was right about it.

EDIT: I mean To exit with the dismiss button.

Dr. wonderful:
I always say no.

Good thing I was right about it.

Nooooooooooooooooh, don't click it. It doesn't care if you click yes or no, the whole window is one big download button.

ctrl alt delete!
CONTROL ALT DELETE!!!

kayisking:

Dr. wonderful:
I always say no.

Good thing I was right about it.

Nooooooooooooooooh, don't click it. It doesn't care if you click yes or no, the whole window is one big download button.

....Read my update.

I simply click it off with the X button.

Tom Goldman:
Microsoft has found that downloads of malicious software are increasing due to psychological trickery, not hacking skill.

Reminds me of what I told a person yesterday, as her computer was infected with "XP Antivirus 2012" or something of that sort for the third time. She asked me for a way to make her computer 100% virus proof. Should she change from McAfee to Norton?

I told her that all she could do to improve her odds (but not make them 100%) was: Keep her antivirus up to date, keep up to date on patches for Flash and Java and Windows, and to change her online behavior. "MY behavior? Why?" she asked, offended.

"Because if you were infected because you clicked on a big 'CLICK HERE! Scan now!' button that popped up out of nowhere then you will get reinfected if you click that button again. Getting a new door lock and a security alarm doesn't work if you invite the robber in."

She got real silent. Work in this industry long enough and telling the conned ones apart from the suspicious-game-crack-downloader or porn-site-trawler gets easier.

And then there was one who actually gave one of those scareware apps a credit card number. And when it came back saying "invalid", she gave them another one.

Arachon:
Social Engineering is very much a hacking skill.

It is definitely part of a hacker's toolbox, but I hesitate to call it a hacking skill because that makes every con man and grifter into a hacker. I wouldn't call Nigerian scammers or those people who phone you claiming to be from Microsoft "hackers" even in the script-kiddie sense. They're con men.

Dulcinea:
People fall for this stuff? I thought it was all pretty obviously malarkey.

Google the "Facebook Login" debacle.

People = Stupid.

OT: Honestly, people = stupid, yes, I DO need to type it twice.

Ive seen a few of those malware pop-ups that claim you are at risk unless you get their product, one of my favorite ones uses Java and Adobe Reader to bring up a blank notification with only a "OK" button.

Yea, downloads kig.exe into your appdata and sets your Hkey to open its fake virus scanner every time you try to open ANY program, after you delete it you have to manually go back and set the default paths or you will always get a "choose program from list" box.

Also, opening Firefox with Firefox, awesome.

Annoying if it wasn't for the fact that whoever made it sucks at hiding processes.

The rule of thumb is to never trust anything on the internet ever, especially when it involves clicking "Yes."

It's not as easy as clicking "No".

Click "Yes": Your infected.
Click "No": Your infected.
Click "Yes": Your infected.
Click "Cancel": You're infected.
Click "Yes": You're infected.
Click the red X at the top right: You're infected.

This is how I suspect a lot of malware gets transmitted. People need to realize those buttons can say whatever they want, it makes no difference. They're just programmable buttons, there is nothing magic about hitting "No". I can program "No" to do whatever I want it to do, and that includes making it do exactly the same thing as "Yes" does.

ctrl-alt-delete, open task manager and shut down the browser. done. flash ads and java script are horrid lil bastards when they are used for malware.

Theres plenty of people out there that have no idea and will install anything, this is nothing new and was real bad with toolbars for web browsers around 2002-5. seemed like every idiot had 10-15 toolbars and all were spyware. and that article was meant for them.

Formica Archonis:

And then there was one who actually gave one of those scareware apps a credit card number. And when it came back saying "invalid", she gave them another one.

That is the saddest, funniest thing I have read in a while.

Not really new... uh... news if you ask me; it's not like I've heard about this for the first time. Hell, I've seen those back in the nineties(God I feel old...) offering me to "scan my PC for FREE".

After the first few times I noticed I always got spy- or malware on my computer regardless if you press Yes, No or even the close button, I now delete them with the Windows Task Manager.

so.. there building a ms version of wot? Thats all i can see from this article.

It's good to know that hackers have been taking a class in jedi just hope they haven't been levelling up their light-saber skill level.

That's why you open the task manager and end the process... my usual strategy when I get one of those pop ups is to cut power to my router end the process run a quick virus scan, restart my computer run a full scan... and if everything is fine, live in constant paranoia for the next month occasionally crying softly to myself... or maybe that's for another reason...<.<

I don't visit many sites other than a few gaming sites and youtube so I shouldn't have a problem anyway... except on those lonely nights when I decide it's alone times...

I can't believe anyone still falls for "Scan your computer". Why would Win7 users with chrome have a WinXP "My Computer" screen? If tou just think before you do anything about any virus, you can't fall for such a thing. Some of those files mentioned don't even exist!

Also, it has happened more than once that I was browsing on my Android phone, and suddenly saw "Windows Defender detected a virus". Strange, malware designers are not capable of using User Agent tests...

I've run into that a few times just recently. 'Course, in my case, the fact that the fake anti-spyware thing even showed up was the actual problem. I'm not stupid enough to think it's real, but that didn't change the fact that it completely hijacked my internet browsers before the convoluted solution could take hold.

Now, it's just "end that process, run Ad-Aware, fix the broken .exe files in its wake."

"Mind tricks" is an overstatement I believe. "Download this and you can have a biscuit" is more the level of these tricks.

HankMan:
*waves hand*
You will download this program to scan your computer for viruses.

I will download this program to scan my PC for viruses.

samsonguy920:

Dulcinea:
People fall for this stuff? I thought it was all pretty obviously malarkey.

It's pretty obvious to experienced users, but there are new users popping up everyday. There are enough of them to keep the savannah stocked with easy prey. It sits on us stronger lions to help those new to the internet so they can avoid being caught with malware.

Why would lions want to help their prey? Shouln't we be the more experienced elephants, warning the new generation against the dangers of leaving themselves open to predation?

OT: One of my old flat-mates was horrendously bad for this kind of thing. I lost count of the number of times I had to disinfect my last PC after he used it.

The_root_of_all_evil:
"Mind tricks" is an overstatement I believe. "Download this and you can have a biscuit" is more the level of these tricks.

Well played, sir. Well played.

Ugh... I've had to cure my family's PC like... 3-4 times from safe mode because of my two little sisters falling for this crap. Good news is I'm getting quite good at removing those type of things from other people's computer when they do screw up.

(*blush*) I admit, I fell victim to one of those fake virus warnings once. Had to pay about $75 to get my computer fixed up. The guy who fixed my computer reminded me to use Malwarebytes Anti-Malware and keep it updated. Yeah, I still get those fake virus warnings once in a while, but Malwarebytes helps a LOT when that happens.

 Pages 1 2 3 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here