Today marks the first in what I hope will be an ongoing series of entries focused on End User Defense. The end user is the one point of exploitation that hardware and software alone cannot fully protect, and is vulnerable primarily because of ignorance and a lack of awareness: awareness of the trends and tactics of attackers and of the damage that results. Let us begin with a layer of defense most Americans already have: the English language. It will require some mental CPU cycles for sure, but being attentive to detail is a skill everyone should practice.
Fake antivirus attacks have been growing steadily since they first started popping up (literally) in 2006. Because this style of campaign has been so successful, fake antivirus programs keep gaining new and improved capabilities. The original campaigns had one focus: defraud users of money with fear and a little social engineering. That focus is still going strong and quite profitable, but the attacks now also carry more dangerous payloads beyond the obvious, turning infected machines into bots for additional nefarious purposes.
One of the easiest ways to thwart a fake antivirus attack is to use what we know against the attackers: the English language. It's no mystery that many of these attacks originate in Eastern Europe and Asia. Language barriers often keep these attacks from being as refined and accurate as they could be, which leaves an opening for us as users to identify and evade an attack. In reality, the most obvious giveaway that something is not right when you're presented with a trojan is the wording used to manipulate the user. This holds true for web-based attacks as well as spam and phishing e-mail attacks.
The gang at F-Secure recently had a great blog post citing some examples. You might have to look a bit for some of the errors, but most are obvious enough that they would never have made it through a legitimate corporation's development and testing cycle.
Our defense is to exploit the attacker's weakness in crossing the language barrier and so identify and avert an attack before it's too late. If you ever get a pop-up or prompt that seems unexpected and tries to catch you off guard, look at the language being presented. Is it grammatically correct? Are words misspelled, misplaced, or just wrong-sounding when read aloud? If so, there's a good chance it's malicious.
The best way to dismiss such a pop-up or prompt is ALT-F4 (press and hold the ALT key while pressing F4). ALT-F4 is a Windows shortcut that closes whatever application has focus (meaning the window that is currently selected and staring you down). That key combination closes the window without requiring you to click on or otherwise interact with the attack. If the "warning" is really just a web page, ALT-F4 will close the browser window it is in, which is exactly what you want. Clicking the red X at the top of the window is risky, since many attacks draw their own fake window frame, so the "X" you see is a graphic linked to the malware rather than the real Windows close button (if you're even presented with a real one). Keep in mind that ALT-F4 only dismisses the prompt; if something has already been installed, closing its window does not remove it.
Not all applications with typos are evil, so stay alert and pay attention to the details. If you're getting a pop-up for something you think is legitimate and that interests you, take note of the company providing the service or product and Google the company. A little legwork to validate your perception doesn't take long, and it sure beats reinstalling Windows, losing data, or worse.