For years, ads pimping malware disguised as legitimate antivirus programs have gone to great lengths to mimic the look and feel of Microsoft's Internet Explorer browser and Windows operating system. Now Mozilla Firefox, Google Chrome, and Apple Safari are getting the same treatment. A security researcher from Zscaler has …
I await . . .
. . . the Opera users who, failing to understand the methodology behind this approach, erroneously attribute Opera's absence from the list to be a sign of its superiority rather than its obscurity.
You have to admit that Opera users will not face these problems. This is an advantage to using Opera therefore it is a better browser than anything out there.
It's funny because it's true, nice effort.
I happen to use Opera, and while I'm glad I'm not so frequently targeted by scammers, I never make the mistake of thinking that I'm protected from them in the first place. Due diligence always wins in the end.
Opera isn't targeted, likely due to obscurity, not any "safety" mechanism in the browser that prevents these kinds of things. That is, unless, Opera no longer has a "click on the link and download a file" capability? Still does? Well, you're just as vulnerable then.
Also, I have a hard enough time finding people who would even notice if the "popup" or whatever is even associated with their browser program at all. I've seen Windows 7 users get the fake "Windows XP My Computer" scanning screen and think that it's their computer, even though it has green non-transparent bars and the other coloring-book design hints. Fail users. Having a Chrome icon isn't likely to trick them any better than simply saying "Your computer areinfected!!!" [space missing and "are" on purpose].
It's funny, because I had mused only last week in a comment that the fake websites should do a User-Agent meta check to target appropriately. Guess someone else finally got the clue too.
So humanity can put a man on the moon...
...but can't develop a workable rapid response solution that makes it impossible for criminal filth doing this sort of thing to pull money from credit cards and get away with it?
How many times......
Man didn't go to the moon, it was all faked on a film set in the Nevada desert!
I love it when someone says "We can put a man on the moon but..." because the fact is that even if we wanted to we couldn't, not without years of reinventing the wheel (or in this case, the Saturn V).
See, the Russians never could get the lift needed to do the job, so they stopped trying. No-one else ever made a serious attempt except the Americans, and because the development of every phase of Apollo was farmed out under contracts covered by DoD strictures, the plans and records held by the various companies involved (Grumman, McDonnell-Douglas et al) were destroyed after 25 years as called for by law.
Neither NASA nor the US Government never bothered to undertake any kind of project to archive the whole thing (probably due to legal/cost issues), at least, not one anyone will admit to (and this would be a no-lose bragging right anyone would want).
So the plain fact is we cannot, in fact put a man (or a woman) on the moon today because we've forgotten how. Turns out real engineering is ever so much harder to do than Star Trek makes it look. Whooda Thunkit?
The will to invest so much money in such a project simply isn't there in America today either. Hell, people resent the money spent on space today, and *that* keeps their cable TV and cell phones going. If you can't sell someone on an idea they already think is great, it's a canonical non-starter.
I expect the next nation to pull off the stunt will be the Chinese, assuming they see a reason to go.
Do not worry about poor aunt Mildred. We unplugged her years ago, on the basis that she actually wasn't all that poor.
Safari left out in the cold!
I've thought this for years though, browsers really should make it clear when a modal pop-up dialog box comes from a website instead of the OS - how about dimming the page in question and having the alert box fixed to the middle of the webpage? Using the same alert window style as the rest of the OS is just asking for trouble. (At least Chrome puts "The page at example.com says" above, but it's still not distinct enough really.)
"I've thought this for years though, browsers really should make it clear when a modal pop-up dialog box comes from a website instead of the OS - how about dimming the page in question and having the alert box fixed to the middle of the webpage?"
Firefox 4 does exactly this, you'll be pleased to know.
Dimming the page? Viruses already do that.
How would dimming the page help? Viruses already do this. They have been mimicking the Windows PC warnings for a number of years now - and this includes the dimming to make the user know that the button appearing on screen is complex and technical and needs to be pressed. (How many home users really understand a UNC prompt? Many just hit OK without thinking)
And it surprises me this is news, I have seen many variations of browser specific fake warnings in the past.
What we need to REALLY worry about is the day they start proof reading their warnings!!
Re: my post above
"How would dimming the page help? Viruses already do this." - Good point - pretty much anything which the OS does, VXers will attempt to fake. But at least if the webpage was dimmed and the alert was within its borders, users would be aware that the alert is coming from the webpage rather than the OS, so whether it was fake or not doesn't really matter as it's not as trusted as an OS dialog.
I doubt there's anything which can be done to stop users just clicking whichever button is flashing (minimum-time alerts?). Perhaps all this clicky-graphic stuff was wrong all along and it's time for us to go back to the command line! Anyone fancy starting a rural online community called the e-mish?
I've seen scareware sites doing some crude browser user-agent checking for almost a year. Often, they simply return a blank page for browsers that aren't IE, but occasionally I've seen Safari-style, and once or twice Firefox-style, popups. They're not as sophisticated as the windows shown in this article, but the malware gangs have been aware of browser differences for a while.
Forget Manning and Assange....
THESE virus writers / scammers / spoofers are the REAL bad guys.
Just been handed the second laptop to get this.
Thank you virus writers for giving me job security.
Just when I thought it was safe to use Ebay again,,,
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great