Skip to content
View in the app

A better way to browse. Learn more.

Tip.It Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Innovative way to get people to download malware

Featured Replies

This may be old to some, but I just found it, and it's pretty amusing.

Website pretends to be a part of your windows XP desktop, does a fake scan (javascript) and throws malware in your face.

I bet this is a really effective infection method too. I'm sure many inexperienced users will get scared and fall for it.

 

 

HD version is available on youtube.

 

Very similar to the antivirus 200x pops.

Never seen a full explorer version though, nice to know and be on the look out for.

[hide=Drops]

  • Dragon Axe x11
    Berserker Ring x9
    Warrior Ring x8
    Seercull
    Dragon Med
    Dragon Boots x4 - all less then 30 kc
    Godsword Shard (bandos)
    Granite Maul x 3

Solo only - doesn't include barrows[/hide][hide=Stats]

joe_da_studd.png[/hide]

I had one before, but it was fairly obvious because the popup text had two spelling errors.

What if you're not running the OS that the malware is designed in? I remember getting pop-ups with the xp skin when I was running vista. kinda gives it away

boratto.jpg
  • Author

What if you're not running the OS that the malware is designed in? I remember getting pop-ups with the xp skin when I was running vista. kinda gives it away

 

Well, that site fakes being XP, and that's all it does. It can be easily redesigned to look like any OS though, since it's pure javascript and icons. As for malware, most recent malware functions well in any OS past Windows NT (windows-vise), if it's coded properly, and does not depend on static locations such as C:\Documents and Settings\All Users\Application Data\

So with this I have to either: A) Don't go to untrusted sites, or B) turn of scripts for all non-trusted sites.

I suggest: C) All of the above.

Prism_Swords.png

I've got stuff like that before, but I was on a Mac and the website was the same.

ib7rVm.png

Reminds me of back two years ago when some guy tried scamming me out of an RS account. The fail was that I was in Linux, and it showed a fake virus scan in XP...

I was going to eat hot dogs for dinner tonight. I think I will settle for cereal.

 

OPEN WIDE HERE COMES THE HELICOPTER.

A lot of people still run XP though, a discerning user would be able to tell but its certainly quite clever to trick regular users.

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Bound to trick a few people.

 

I've always wondered what computing would be like if people who coded malware used their talents constructively instead of destructively.

Bound to trick a few people.

 

I've always wondered what computing would be like if people who coded malware used their talents constructively instead of destructively.

There's constuctive uses for malware? (As that's what they have a talent for making.)

Steam | PM me for BBM PIN

 

Nine naked men is a technological achievement. Quote of 2013.

 

PCGamingWiki - Let's fix PC gaming!

Tilgon, it's all Javascript, it could be mimiced to be in Linux.

 

And viruses for Linux do exist suprisingly enough, they're just so rare and get fixed pretty damn fast.

I was going to eat hot dogs for dinner tonight. I think I will settle for cereal.

 

OPEN WIDE HERE COMES THE HELICOPTER.

  • Author

Bound to trick a few people.

 

I've always wondered what computing would be like if people who coded malware used their talents constructively instead of destructively.

There's constuctive uses for malware? (As that's what they have a talent for making.)

 

Malware writers give jobs to security analysts, people in antivirus companies and pretty much everyone in IT security industry. They are dependent on each other.

 

I don't have a problem with these as I run Linux. :)

 

Nothing but a false sense of security. It's really easy to write a java applet (every skid wants a copy btw) that will download and install a backdoor on your PC, or simply destroy as much data as it can under default rights. Same goes for Mac and Windows.

Looks like there are more and more websites with this. I never had seen this for myself, until yesterday and today, which were in google ads that I mistakenly clicked on poorly made websites. Fortunately this doesn't work in Vista (or was it because I clicked the "do not execute scripts from this page" on the pop-up the site makes first on Opera).

Nothing but a false sense of security. It's really easy to write a java applet (every skid wants a copy btw) that will download and install a backdoor on your PC, or simply destroy as much data as it can under default rights. Same goes for Mac and Windows.

 

That's a problem... :ohnoes:

.

  • Author
Nothing but a false sense of security. It's really easy to write a java applet (every skid wants a copy btw) that will download and install a backdoor on your PC, or simply destroy as much data as it can under default rights. Same goes for Mac and Windows.

 

That's a problem... :ohnoes:

 

Does anyone care to remind me why we are giving random java applets whatever rights the user might have?

I don't know about anyone else, but I had to modify my security settings to allow Runescape's applet to store its cache files.

 

Even assuming that this does work, where is this supposed backdoor installed to? Who is it run by? What makes it start when the system is rebooted?

 

Use of things like NoScript allow users to prevent things like javascript, flash, java applets from running automatically when a web page is loaded, allowing the user to determine whether he or she trusts the web site in question.

 

That's true, using noscript will prevent it from execution, but I have to remind you that not everyone has it. As for java and security permissions, for me and 3 of my virtual machines + other people who test my stuff clicking run is enough to make it work.

Here's a proof of concept video:

 

W7 downloading calc[Caution: Executable File] from the web, running it and also executing the shutdown command from a java applet. Note that the security warning is from the file itself and can be avoided.

As for rebooting, it doesn't need to be rebooted. It's executed right on the spot.

.

  • Author

That's true, using noscript will prevent it from execution, but I have to remind you that not everyone has it. As for java and security permissions, for me and 3 of my virtual machines + other people who test my stuff clicking run is enough to make it work.

Here's a proof of concept video:

 

W7 downloading calc[Caution: Executable File] from the web, running it and also executing the shutdown command from a java applet. Note that the security warning is from the file itself and can be avoided.

As for rebooting, it doesn't need to be rebooted. It's executed right on the spot.

Which versions of which operating systems were tested?

 

I can't help but notice two security notices and a warning message, leaving me to assume that you are referring to the following when you say to "note that the security warning is from the file itself and can be avoided."

45510534.png

If that is so, then let's not skip by the fact that the user is ignoring the following two warnings.

First, before the applet is run:

[hide]71981080.png[/hide]

And then the UAC warning about "update[Caution: Executable File]" from an "unknown publisher" at "C:\Users\DS\AppData\Roaming\update[Caution: Executable File]".

[hide]76100781.png[/hide]

 

For clarification, my question was never about rebooting before execution, but rather about execution after rebooting.

A backdoor which is not run after a system reset is a rather poor backdoor indeed, practically useless on any system which is shut down regularly (assuming that your idea is to maintain access, rather than just execute once). Executing once is fine if you want to do something like have a one-time snapshot of a file, delete whatever you can, or download another executable. I'm assuming that this last point is what you were referring to when you mentioned that

It's really easy to write a java applet (every skid wants a copy btw) that will download and install a backdoor on your PC
Unless I'm mistaken and you meant something else, would you care to expand a bit on just what allows any sort of permanency?

 

As for not every user having something like NoScript, that was a general suggestion to Tiigon if he's really worried about malicious code running on his computer, rather than a claim that it would prevent this from working on every computer system in existence.

Tested OS: Ubuntu, Fedora, Xp, Vista, 7.

The first image is the logout warning. It appears when you execute the shutdown command (executed using the applet). Second is the applet itself, you can't bypass it, but many people will click on it anyways if it's supposed to be a fake chat, webcam or a game. For UAC, I already said that it can be bypassed. I'm not going into the howto but it can be done. For permanency, if I understood what you meant by that, the applet does NOT use any exploits, thus can't be patched.

Use of things like NoScript allow users to prevent things like javascript, flash, java applets from running automatically when a web page is loaded, allowing the user to determine whether he or she trusts the web site in question.

 

Then I've got no problem, as I happen to have that. :)

.

Create an account or sign in to comment

Important Information

By using this site, you agree to our Terms of Use.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.