
Lame Social Engineering Trick


Caldor


Friend of mine sent me this link as he was "confused". Thankfully he did not get suckered in, because it has to be just about the lamest attempt at social engineering I've ever seen. I went to the URL in my Linux test machine and it played a laughable illusion to convince me to install some malware which won't even work on my Linux test box.


Friend of mine sent me this link as he was "confused". Thankfully he did not get suckered in, because it has to be just about the lamest attempt at social engineering I've ever seen. I went to the URL in my Linux test machine and it played a laughable illusion to convince me to install some malware which won't even work on my Linux test box.

 

I can guarantee that everyone but me in this house would fall for it. :(

Fantasy is the celebration of what we no longer are: individuals certain of our meaningfulness in a meaningful world. The wish-fulfillment that distinguishes fantasy from other genres is not to be the all-conquering hero, but to live in a meaningful world. The fact that such worlds are enchanted worlds, worlds steeped in magic, simply demonstrates the severity of our contemporary crisis.
Scott R. Bakker, Why Fantasy and Why Now?

RPG Codex - Putting the 'Role' back in RPG.

The Age of Decadence - A game everyone should look forward to.


Hi all you new or not so new users,

 

This is a perfect example of what is called Rogue Malware,

This may be from a new site that Firefox and others don't know about yet.

They appear that quickly because they know once identified then their "hit" count falls off and then they create a new site.

That program name, and many others like it, are the latest to "sucker", "trick" or "panic" unknowing users.

Please advise all users that you know to only get Free software from sites that you will help them to check out.

 

Best wishes,

:) davey

P.S. Sucker was an improper word in this "context". Thanks all for your additional input.

I know I have ended up on some websites that chilled me. I didn't want to even move my mouse. Luckily I had jokingly prepared myself ahead of time. I did what my friend would do. Well, almost. I unplugged the Workgroup Switch. Turned everything off I could. Then I pretended to be a "thunder storm". Zzzztttt...


I think it important to go into more detail about this.

 

A few days ago, I was searching for a couple of Raw Image Viewers for a thread, and I was googling and searching with Firefox and an active McAfee SiteAdvisor.

 

I hit a site greenflagged by SiteAdvisor, and all hell broke loose.

 

This isn't a case of being suckered in, as anyone but an experienced internet user would be put into nothing short of panic by what's appearing in front of them.

 

Besides the large "Virus Scanner" on the page, there are smaller, flashing, "warning windows" popping up all over the place. The clever thing with these windows is you can't close them down by clicking cancel or by clicking the "close" button. Neither can you close the main window.

 

Every time you try to close the pop-ups, they open up again, and in that situation it's very easy to hit an accept button by accident, or out of sheer panic, download what you think is help.

 

Unfortunately, I know what I'm talking about because I've been there, and I was taken in by "Win AntiVirus Professional 2006". This was when I'd had a pc for about a week, and I hadn't discovered Piriform.

 

t239_winantiviruspro.jpg

 

I've kept this as a reminder, and it's just one of a dozen windows that were flashing all over the screen.

 

In a situation like this, it would be extremely difficult for any relatively inexperienced user to do what you need to do, and that is sit back calmly and think how you can get rid of these non-closable windows without downloading the malware. In fact a lot of experienced users would have at least an increased heart rate.

 

And bear in mind you're wondering as well what will happen when that scanner is finished scanning.

 

I don't think I've ever seen a discussion on here advising the best course of action, so I'll put forward my suggestion.

 

1: Disconnect from the Internet. Use the System Tray icon to right click and select "disconnect".

 

That might seem obvious, but not if you don't know you can do that. If you don't have an active System Tray icon, I'd suggest configuring one with your broadband/ISP settings, or configure some other form of shortcut to disconnect quickly. You never know when you might need it.

 

t1170_MalwareAttack.jpg

 

2: The non-closable pop up windows and scanner will still be on screen, and as before, you can't close either them or the main window.

 

Press Ctrl-Alt-Delete, launching Task Manager, highlight your browser, Firefox or Opera etc, and select "End Process".

 

You will now have rid of everything that was on screen, and with any luck you'll have avoided downloading the malware. Just to be sure, scan your pc.

 

If there's a better way to get out of this situation, please post your suggestions.
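The two steps above (cut the connection first, then end the browser process) can be wired into a single shortcut, which is the "other form of shortcut to disconnect quickly" the post recommends preparing in advance. The script below is an added example written for this thread, not something posted by its author or shipped by Piriform. It assumes a modern Windows with the NetAdapter cmdlets (Windows 8 or later), an elevated PowerShell session, and the browser process names listed in `$browsers`, which are assumptions you should edit for your own machine. On older Windows without `Get-NetAdapter`, the equivalent would be `netsh interface set interface name="<adapter>" admin=disabled`.

```powershell
# Emergency "disconnect and end the browser" script (added example, not from the thread).
# Assumed: elevated PowerShell on Windows 8+; the process names below are assumptions.
$browsers = @('firefox', 'iexplore', 'opera', 'chrome', 'msedge')

# Step 1 (the post's step 1): drop the network first, so nothing further can be
# downloaded while the fake scanner is still on screen.
$upAdapters = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
foreach ($adapter in $upAdapters) {
    Write-Host "Disabling adapter: $($adapter.Name)"
    Disable-NetAdapter -Name $adapter.Name -Confirm:$false
}

# Step 2 (the post's step 2): the equivalent of Task Manager -> End Process on the
# browser, which takes the non-closable pop-ups and the "scanner" with it.
foreach ($name in $browsers) {
    $procs = Get-Process -Name $name -ErrorAction SilentlyContinue
    if ($procs) {
        Write-Host "Ending $($procs.Count) $name process(es)"
        $procs | Stop-Process -Force
    }
}

# Step 3: keep a record of what was running at that moment. If the scan that follows
# finds something, the list shows which unfamiliar process appeared alongside the browser.
$snapshot = Join-Path $env:TEMP ("panic-snapshot-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))
Get-Process |
    Select-Object Id, Name, Path, StartTime |
    Format-Table -AutoSize |
    Out-String -Width 200 |
    Set-Content -Path $snapshot

Write-Host "Process snapshot saved to $snapshot."
Write-Host "Now run a full scan. Re-enable the network afterwards with: Enable-NetAdapter -Name '<adapter>'"
```

Save it as, for example, `panic.ps1` and attach it to a desktop shortcut that runs `powershell.exe -ExecutionPolicy Bypass -File C:\path\to\panic.ps1` as administrator, so the whole sequence is one double-click rather than a hunt through menus while windows are flashing. The ordering matters: disabling the adapter before ending the browser means that even if a stray click had already started a download, it cannot complete.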


If there's a better way to get out of this situation, please post your suggestions.
I agree with your actions however it seems that in times of human panic or mildly inexperienced people tend to do what they know that worked in the past which is usually only to click on the Red X to quickly cancel those rapidly popping up pr0n pages as fast as they appeared. Usually after about 4 to 6 pop ups are canceled then the panic subsides then vowing never to visit that site again.

 

Unfortunately, I know what I'm talking about because I've been there when investigating sites that should be included in the hpHosts HOSTS file.

 

The malicious malware purveyors have learned this trick as well and as they want their stuff on your system and they want it alive, active and protected so they will go to any method to prevent terminating their malware.

 

Some have even gone to the lengths of disabling anti virus applications, regedit, Task manager and modifying the user's Home page to make the application look legitimate.

 

What is needed is more goobernmint action and stiffer penalties for distributing this malware but this often takes years to come into fruition and as far as the goobernmint being able to react fast on these things they appear to still be back in dinosaur times armed with flint spears and a bunch of rocks.

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user


If there's a better way to get out of this situation, please post your suggestions.

I just downloaded and ran XP Antivirus which is a rogue of the same family as to what we are discussing.

 

Generates a fake XP Security Centre urging the user to buy for full protection.

 

71 exploits found when there are none.

 

Terminated all processes running inside the sandbox, then deleted the contents, and not a skerrick remains.

 

A reboot with Returnil active would have achieved the same.

 

I agree Dennis, even experienced users can panic a bit when faced with those kinds of popups, and of course most people click on the x to close them not realising that the malware/trojan is springloaded to be released by doing this.

 

Sometimes ctrl+alt+F4 may help. If some are java based perhaps your java toggle button might help Dennis.

 

I don't think you can really blame new users, as Kenny says they do what has always worked before, click the x.

 

Also as Dennis pointed out, safe sites can be compromised.

 

P.S. good screenshots Humpty.

 

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 


On Windows, this is one of the reasons why running IE7 on Vista (or another browser in sandbox mode) is important. Having the browser operate in a reduced privilege mode means that, regardless of what the black hats are trying to do, nothing matters. Vista runs the browser in low privilege mode by default.

 

I would agree with the sentiment to terminate eth0 and kill rogue processes.


The file systems are largely the same - Vista has transactional NTFS and a lot of changes to driver models, but that won't affect a/v running as services / processes. The kernel changed a lot and some (not all) a/v companies had to change their code because they used to have hooks into the kernel in XP which they shouldn't have had anyway.


Some good screen shots there Humpty. You really do need to know what to expect from an attack like this, to have any chance of beating it.

 

I've no idea if running in "Low Privilege Mode" would actually stop this if you thought the AntiVirus was something helpful from Microsoft or Windows. And that's what I thought when I succumbed to WinAntivirusPro 2006.

 

I'd only been using the Internet for about a week when it happened to me, so I didn't even know what my AntiVirus would look like if it was blocking an attack. Like umpteen thousand other new users, this attack was a first.

 

You have to put yourself behind the eyes of someone who has never experienced any sort of activity from their installed AntiVirus, Firewall etc., to realise how effective this type of attack is.

 

These things pop up looking all official and seemingly helpful, and I would imagine any of you guys with only a couple of weeks surfing under your belt could have ended up with an infection.

 

The only computer people I knew at the time were PCWorld, and they couldn't really help without taking the PC in to have it disinfected. At least a hundred notes (UK pounds) to do this.

 

I reformatted to get rid, and luckily, I hadn't been using the computer long enough to lose anything.

 

Correction, I did lose something. F-Secure AntiVirus which let the thing through. PCWorld told me it wasn't very good, allegedly.

 

So on their advice, I went and spent £50 on Norton 2007. :(

 

I tell you, I had no idea freeware even existed, so discovering somewhere like Piriform, was a pretty good day.

 

Hats off to Piriform, and every other forum out there. hatsoff.gif


I'm old. I dunna go to pr0n sites.....anymore. :lol: I've seen (thanks to this forum pointing to so many other security forums and such) enough screenshots posted of those professional looking scam ads that I think I know what to do now in case I ever get confronted by one. Turn off internet connection. Task Manager turn off browser. Run the billion anti-virus/malware/adware programs I got in here. Erunt runs every day. If I ever needed backing up I suppose I'd delete that days' round-up and reinstall the previous days' back-up.

 

This site has really tweaked the heck out of my knowledge of internet safety in a positive way. I used to think AVG was the cats' meow. Now I know better. Piriform is the cats' meow. It's the bees' knees. It's cool beans. ^_^
