Rogue AV programs have become increasingly common in last two years. There are couple of things interesting about rogue AV programs. First, the bad guys here do not use (in most cases) any sophisticated attacks on clients. They instead rely on visitors to wittingly install their "AV program". How do they do this? Through social engineering – they create web pages which are very authentic copy of legitimate screens in Windows operating systems. These web pages make visitors believe that their machine is infected with several malicious programs and that the offered "AV program" can help them clean it.
Once the rogue AV program is installed, the victim has to pay money to get it "working" or, in some cases to even uninstall it. So, the money making scheme is simple (some rogue AV versions even steal local data and install keyloggers).
In order to get people to visit their web sites serving rogue AV programs, the attackers use different vectors-
They Spend a huge ammount on Advertisement like Google Adwords, which make them always on a top of google search list. The victims who trust google usually fall in such pranks and download these malwares.
The main reason, however, why rogue AV is so successful is its persistence and amount of details - the web page they use to scare the visitor looks almost exactly like Windows' Security Center. One such page is shown below:
I was, of course, interested to see what else they do so I decided to analyze the code behind. First of all, I must say that the code is very elegant and clean, it's obvious that the bad guys got a real programmer to code the page (and malware?) for them.
The web page uses JQuery, a well known and popular JavaScript library. After setting up the environment, the JavaScript code on the web page shows a fake scan of the machine with seemingly random file names. The file names are actually grabbed from a huge array contained in a separate file (flist.js). The file names in this array (there is 1100 of them) are actually copied from a Windows XP machine (C:WindowsSystem32 directory). This, of course, increases the authenticity of the scan.
After the scan finishes, the user is informed that the machine is infected with viruses. The JavaScript code on the web page initially set up some handlers, so no matter what the user does next he will see a window notifying him that his machine is infected (interesting, the attackers used JavaScript confirm() method to display this message).
Of course, this wasn't generated by Windows – it's actually just an image the attackers created. The "Remove all" and "Cancel" also aren't real buttons, just part of the image which has a handler that will get executed wherever the user clicks. You guess, on a click it will try to download the Rogue AV program. To eliminate any confusion, they also show this nice window where they explain what exactly needs to be done in order to install their rogue AV program.
It is now not strange that rogue AV programs are infecting so many machines. The devil is in the details, and the attackers made damn sure that all details are here to fool the potential victims
TechSetia.com : Technology Simplified
Techsetia.com is a dedicated technology blog that helps to learn, understand and explore the facts of computer technology.It covers various aspects of Information & Technology and other trending topics related to Operating System, Social Media, SEO,Internet world, Networking and much more is being added to this blog on daily basis.
How can I become a hacker?Where to start?
The term "Hacker" is spreading all over social networking sites/internet .So now everyone want to be a hacker.Manyone out there call themself hacker ,they dont even know a single programming language.Then you will ask who you are? I am not a hacker ,I am network/system admin having some knowledge in networking ,and know some programming language like C,C++,vb.net,
CREATE YOUR OWN TOOLBAR IN 2 MINUTE
You have seen lots of internet toolbar like google toolbar,yahoo toolbar and many more for many sites.So you may wish its good if you have a internet toolbar for your own site,blog or orkut community.Yes then you can create your own internet toolbar within 2 minutes.this is not amazing or exciting...
5 Pirate Bay BitTorrent Alternatives
The Pirate Bay we know and love, though still harboring torrents for now, is going away. But that doesn't mean BitTorrent is dead. Far from it. Here are five places to get your torrent on after it closes for good.
Hide files(MP3/txt) in MS word document-Trick
.Today I'll be showing you how to hide files (txt/mp3) on Word Documents (docx). (YOU CAN'T EDIT THE DOCUMENT AFTER YOU HIDE THE FILE)What will you need? - Word Document (docx) - File to hide (jpg/mp3/etc) - 7Zip (1st Method only)
Free Virus with Free AntiVirus
independence day india
independence day india 2014
independence day images
independence day speech
independence day of india
happy independence day images
speech on independence day
indian independence day
independence day sms
independence day wallpaper
15 august independence day
independence day songs
independence day essay
independence day speech in hindi
independence day speech for students
independence day photos
independence day messages
independence day wishes
happy independence day india
happy independence day india 2014
quotes on independence day
1947 independence day
Popular Posts
Labels
Blog Archive
-
▼
2011
(527)
-
▼
April
(64)
- What is Piggybacking ?
- GMAIL DOT TRICK
- RECORD YOUR VOICE WITHOUT ANY SOFWARE...!!
- Burn a CD on Windows XP without using software
- GAMES SECRETS...!!!
- Hard Drive Cleanup
- Hard Drive Defragmentation
- GOOGLE OPERATING SYSTEM.
- how to see infrared rays of ur tv via camera phone?
- HOW TO FIND YOUR GMAIL CREATION DATE:IMPORTANT
- HOW WE CAN LOCK DESKTOP ICON?
- Windows 8 gets a new task manager and USB booting
- SIMPLE TRICK TO ENABLE RIGHT CLICK ON DISABLE WEBS...
- How To Rotate Your Nokia Mobile Phone Screen From ...
- How To Block Your Stolen or Lost Mobile
- SPEED UP YOUR INTERNET SPEED
- FILESONIC LATEST PREMIUM ACCOUNT
- GOOGLE MAGICAL TRICK !!!!!
- Intex launches projector on a mobile phone!
- Divert call and DEactivATE call by just dialling n...
- NOW SEND 320 CHARACTER MESSAGE WITHOUT ANY ADS.
- Batch FIle Animation!
- Hack Windows Vista Administrator Account password
- how to hack friend facebook wall 100% working
- What Is Hibernate In Computers ?
- New way to boot win xp faster
- ADDING NEW OPTIONS TO THE RIGHT CLICK OF MY COMPUTER
- Nokia 3G Phones Price List In INDIA
- Microsoft's Attack Surface Analyzer (ASA)Tool
- HOW TO SECURE YOUR USB FROM GETTING VIRUS ON IT
- OPEN OFFICE 2007 FILES IN OFFICE 2003
- backward version of google
- WINDOWS 8 M1 [Leaked] [Dwnld]
- List of free sms sites
- Free Virus with Free AntiVirus
- Facebook Stylish Themes - by stylish
- Clean your RAM by notepad
- Cyber Laws-- One should know.
- How to Make Your Phone Unreachable
- Create HDQuality Video Upload to YouTube with 5mts
- HOW TO CREATE A PDF FILE ? AN EASY WAY
- Password Guessing
- HOW TO ENABLE COMMAND PROMPT IN SYSTEM,DISABLED BY...
- Longest video on youtube!,19 WEEKS!!
- Dont Press F1 - Your System could get HACKED
- Window 7's "GODMODE"
- TOP 10 IT Certifications
- Downloading a “Movie” or a “Microbe”?
- Java Drive : The Next Generation of Threats
- NOW ONWARDS EYE WILL BE USED AS MOUSE FOR LAPTOP
- SAVE YOUTUBE VIDEO IN 5 SEC WITHOUT ANY S/W
- Talking notepad
- How to find bsnl broadband usage via BSNL portal
- Animated Signature via photoshop
- [CODING] Google Jam is HERE.........
- [Tut] Get Facebook profile out of a picture
- HOW TO MAKE CON FOLDER IN YOUR COMPUTER
- [Offer Exipred][app] recover deleted files from HDD
- Now File Your Banking Complaints By SMS
- Change Google logo text
- Google Sphere - Have fun with Google
- Have FUN with Google - Try Google Gravity
- BLUETOOTH MAGIC.
- HOW TO MAKE A CALCULATOR USING BATCH FILE
-
▼
April
(64)
Tech Setia is a dedicated blog for Internet and Computer help, Technology update, Blogging, Windows, Software, Make Money Online, SEO and many more.
0 comments: