What not to click ?–Clicking & Phishing

Unless you are a Command Prompt guru, you normally will use the computer by clicking “things” on the desktop,  so you have all the chances  to get infected clicking “bad things” on the Web. The experts from the security vendor Avast, estimate that 85% from the computer infections are the results of using inadequate the Internet and clicking neglectful the links.

The Social Networking sites as Facebook, Twitter, MySpace are the preffered targets of hackers, due to the high volume traffic they receive. It is well known the attacks using sexy video or naked photo links, the users attention beeing disturbed by the temptingly content. The rules for preventing computer infections by these kind of malicious code are simple :

- don’t click any pop-ups that suddenly appear on your computer, even if it claims it’s a security software that will disinfect or clean your computer-most likely these are “fake or rogue antiviruses” malware;

-don’t click any video or photo related link, especially those related to sex or humour even if it’s sent by your friend – he can be infected and the malware send you the link as a part of the spreading method;

- watch very very carefully your web-browser adress bar to see where you navigate for real or better check the link adress properties to see what is the adress hidden under the anchor link: simply move the mouse cursor over a link and you will see in the Status Bar(bottom bar) the hidden adress. Shortening URL servivces represent another danger for the users, because they simply they does not know the final destinations of a link like this : http://bit.ly/3abc or http://tinyurl.com/57xyz. There is an addon for Mozilla Firefox that come in our help for preventing computer infections or phishing attacks : Long URL Please . This addon will decrypt the true adress of a link by hovering the mouse on it. Another helpfull addon for Firefox for prevent phishing is Formfox which detect the URL where you will send the information entered in forms,  as usernames and passwords and tell us if the site appear as genuine or not.

The “clickjacking” techniques uses very often a malicious transparent or semi-transparent iFrame hidding for example the “Like” button from Facebook. This will publish on your own Facebook page that you “like” the webpage and beeing shared with your friends it will result in a fulminant spread of the malicious website adress. Similar on Twitter where an invisible(transparent) iFrame can hide the Re-Tweet button. Or clicking dubious video links will takes you to a malicious site or rogue Facebook application that urges you to download and install an “update” or a “codec” for your video player. Meanwhile the application will forward the malicious link to all your Facebook friends in your name.

No need to stress you that installing this fake programs you are in a big trouble.

The consequences of  “clickjacking” can be more serious if for example a hacker load a Paypal like page in an invisible iFrame tricking the user to type the username and password in that iFrame controlled by the hacker. The conclusion is the things are not always what they appear to be and the precautions are the best way to prevent computer infections.

A simple “clickjacking” variant is the “phishing” where the user is led to other webpage than the one he requested, clicking a “phishing” link. This other webpage is a “clone” copy of a let’s say banking site where the user execute online transactions. The “clone” is uploaded on a server controlled by the hacker and using very simple PHP code, the attacker can collect all the data the innocent user type in the forms, compromising the online banking account.

The other “phishing” variants like desktop phishing or tab phishing are not clicking related but must be mentioned here.

Desktop phishing is happening when the hosts file is altered by a malware, redirecting the user to the phishing site, for eample adding a line :

paypal.com   x.x.x.x ——–> phishing URL

redirecting the user who types in the browser adress “paypal.com” to the x.x.x.x site. There exists a clone of the paypal.com, site tricking the user to introduce the login details in the forms and saved in the attacker database.

The Tab phishing or TabNabbing happen when a user has multiple Tabs opened and navigate to a malicious site that using Java scripts, change the content of Tabbed pages, so when the user re-open these pages, them seems to be the login pages for different sites the user visits often. The user simply does not remember if he opened that pages, and introduce the login details in the “cloned” site, in this way passing the sensitive data to the hacker.

Thus, is recomendable to always run an up-to-date operating system, browser and antivirus and you won’t get in troubles(hopefully).

Posted in Thoughts. Tagged with , , , .

3 Responses

Leave a Reply