Hacker Mind Tricks Increasing Malware Downloads

Tom Goldman

Crying on the inside.
Aug 17, 2009

Microsoft has found that downloads of malicious software are increasing due to psychological trickery, not hacking skill.

Through research revolving around customer use of Internet Explorer, Microsoft has determined that 1 in 14 downloads today are of a malicious nature. In other words: trojans, spyware, malware, and any other term used to describe programs that screw with your computer. In the past, one might have blamed these downloads on vulnerabilities in web browsers, but according to Microsoft most of it ends up being approved by users themselves through hacker mind tricks.

They're called "social-engineering attacks," and just about anyone using the internet has probably been hit by one. Instead of uploading malware to your computer just by visiting a website, these attacks will actually get you to be an accomplice just by messing with your mind.

For example, you visit a website and a window pops up saying: "Your computer is at risk! Press yes to scan using Malware Cleanser 3.5!" In reality, pressing yes downloads a malicious program that isn't trying to help you at all, and will haunt your coming days and weeks unless you're lucky enough to figure out how to delete it.

Microsoft and other companies are building databases to help warn customers about this type of download, but it's basically a never-ending battle. It might seem worrying, but user-downloaded malware is actually pretty easy to avoid if you know what you're doing. The rule of thumb is to never trust anything on the internet ever, especially when it involves clicking "Yes."

Source: Microsoft Blog [http://blogs.msdn.com/b/ie/archive/2011/05/17/smartscreen-174-application-reputation-in-ie9.aspx]


Arachon

New member
Jun 23, 2008
Tom Goldman said:
Microsoft has found that downloads of malicious software are increasing due to psychological trickery, not hacking skill.
Social Engineering is very much a hacking skill. In fact, one of the world's most prominent hackers, who was arrested in a high-profile case in the 90's, Kevin Mitnick [https://secure.wikimedia.org/wikipedia/en/wiki/Kevin_Mitnick], relied *heavily* on Social Engineering to do his hacks.
 

snave

New member
Nov 10, 2009
This is what makes me cringe on an almost daily basis. It boggles the mind when I turn up to work to find Porno-Ad-View-Plus or some shit knowingly installed on a machine used with kids just because it came with a free MP3 playing piece of software.
 

samsonguy920

New member
Mar 24, 2009
It's really just a matter of being practical, but we all learn better by experience than just being told. First real step to protect yourself, back up your personal data separate from your main drive. Most malware doesn't look beyond the C: drive where the juiciest bits are expected to be.
Interesting that this comes up with the Live service starting to get hit with phishing scams. It's good awareness and advice to bring up, but also smells like Microsoft wants to protect its butt.
 

samsonguy920

New member
Mar 24, 2009
Dulcinea said:
People fall for this stuff? I thought it was all pretty obviously malarkey.
It's pretty obvious to experienced users, but there are new users popping up every day. There are enough of them to keep the savannah stocked with easy prey. It sits on us stronger lions to help those new to the internet so they can avoid being caught with malware.
 

RejectWoW

New member
Sep 28, 2009
I say never even click on yes. Just finding a way to shut down the browser without clicking on anything is safer, at least from my experience. :)
 

imnot

New member
Apr 23, 2010
I clicked yes once.
I facepalmed hard a few seconds later.
(It was disguised as Norton very well)
Fixed it though within an hour :D
 

bombadilillo

New member
Jan 25, 2011
My kids got this crap on my PC yesterday. It was the "vista antivirus 2011" thing, and while reading on a website on how to fix this, there was some old dude who posted saying he bought the vista antivirus so things should be better soon... Poor guy, don't know how he got past all the stuff on the site about the fake program or how to kill it to comment that he bought the fake program... people told him he was screwed but I assume he was long gone. No other posts from him.
 

kayisking

New member
Sep 14, 2010
Dr. wonderful said:
I always say no.

Good thing I was right about it.
Nooooooooooooooooh, don't click it. It doesn't care if you click yes or no, the whole window is one big download button.
 

Dr. wonderful

New member
Dec 31, 2009
kayisking said:
Dr. wonderful said:
I always say no.

Good thing I was right about it.
Nooooooooooooooooh, don't click it. It doesn't care if you click yes or no, the whole window is one big download button.
....Read my update.

I simply click it off with the X button.
 

Formica Archonis

Anonymous Source
Nov 13, 2009
Tom Goldman said:
Microsoft has found that downloads of malicious software are increasing due to psychological trickery, not hacking skill.
Reminds me of what I told a person yesterday, as her computer was infected with "XP Antivirus 2012" or something of that sort for the third time. She asked me for a way to make her computer 100% virus proof. Should she change from McAfee to Norton?

I told her that all she could do to improve her odds (but not make them 100%) was: Keep her antivirus up to date, keep up to date on patches for Flash and Java and Windows, and to change her online behavior. "MY behavior? Why?" she asked, offended.

"Because if you were infected because you clicked on a big 'CLICK HERE! Scan now!' button that popped up out of nowhere then you will get reinfected if you click that button again. Getting a new door lock and a security alarm doesn't work if you invite the robber in."

She got real silent. Work in this industry long enough and telling the conned ones apart from the suspicious-game-crack-downloader or porn-site-trawler gets easier.

And then there was one who actually gave one of those scareware apps a credit card number. And when it came back saying "invalid", she gave them another one.

Arachon said:
Social Engineering is very much a hacking skill.
It is definitely part of a hacker's toolbox, but I hesitate to call it a hacking skill because that makes every con man and grifter into a hacker. I wouldn't call Nigerian scammers or those people who phone you claiming to be from Microsoft "hackers" even in the script-kiddie sense. They're con men.