foobar on computers, software and the rest of the world


A very well-made malware installation site

Posted: 4-Sep-2008 11:28

I can really understand why there are more malware infections on computers running Windows than on those running other OSs. Firstly, there are of course fewer people using those other OSs, so the distributors of malware naturally go after the biggest slice of the pie first. But secondly, some of these malware installation scams are actually very well done.

Consider what I came across when I was researching digital cameras. Take a look at the top search result I got back from Yahoo for a completely innocent search query (click on the image to see a full-sized version):

Yahoo search query for a digital camera

OK, so admittedly, the link title doesn't even say anything about the camera model I was searching for, but I tend to click on the top link anyway. Some sort of bad habit, I guess. Anyway, a new tab opened (I always open search results in tabs), and suddenly this pop-up appeared out of nowhere:

Pop up from the malware installing web site

This was done as a JavaScript alert/dialog pop-up, which is normally not stopped by pop-up blockers (they suppress new browser windows, not the script-driven dialogs a page itself opens). Of course, being told that my computer is infected and that WinXP will now perform a scan is rather surprising, considering I am running GNU/Linux. And the annoying repetition of “FREE” (in all caps) is a bit of a give-away as well. Other than that, the dialog isn't brimming with spelling mistakes (I only found one) and doesn't use spam-speak, which lends it a bit of credibility.

Of course, whether you click 'Cancel' or 'OK', the “scan” starts anyway; the dialog's answer is simply ignored. Take a look at this screen then (click on the image to see a full-sized version):

WinXP themed dialogs and progress bars

The green progress bar in the background? That actually was animated, showing me (very quickly) a list of the various files it was “scanning” (quite realistic looking). The expectedly devastating result, popping up in a very convincing-looking WinXP-themed 'window': my poor Ubuntu box was apparently riddled with Windows-only malware. Fortunately, the kind folks from that site offered to fix that for me. For FREE, no less! Clicking anywhere on that page resulted in some more helpful information, just before the download of an EXE file started.

But of course, because I run GNU/Linux, I am merely offered the option to run this piece of malware under Wine! The resulting screenshot was therefore so funny (use Wine to run malware!) that I just had to capture and share it (again, click on the image for a full-sized version):

Malware running via Wine under GNU/Linux?

It's easy to laugh about this, and it's also easy to make fun of those people who fall victim to these kinds of scams, or to go on about Windows being insecure. But we have to keep in mind that most users of the Windows computers out there are not technical, and that this site was well made and looked quite convincing. Similar scams targeted at other OSs would likely have the same chance to succeed if presented to a user of similar technical skill level.



Comment by Brendon, on 5-Sep-2008 08:37

Funny how these less technical folks suddenly get amnesia when you are asked to recover their computer from this bastard of a program. Took me a few hours to get the computer back in working order, and when I asked the user how the computer got infected, they had no idea because they didn't install anything... retards!


Comment by Porges, on 5-Sep-2008 18:19

There's more discussion about this here:

http://www.codinghorror.com/blog/archives/001164.html


Comment by timestyles, on 10-Sep-2008 17:31

One piece of malware from a year or two ago (you had to install it somehow first) pretended to be MS Windows activation and then requested your credit card number (although it would not be used...). I wonder how many thousands of people fell for that one. Drive-by malware installations are the worst - bugs that allow merely viewing a web page to install malware without any user operation at all. Fortunately they are infrequent. See http://news.cnet.com/2100-1002_3-6171727.html

