The Latest in IT Security

Fake missing plugin warnings used for spam/spyware

26 Jan 2012

A key element of a successful spam/malicious page is establishing trust with the visitor so that he will perform the requested actions. Users trust their browser, but not necessarily the content (i.e. the web page) that it displays. A trick that I’ve blogged about earlier is to fool the user into thinking that certain elements on the page are actually from the browser.

Recently, I’ve seen several websites showing a fake warning for a missing plugin. The fake warning is designed to look the same as the real warning shown by Firefox when the page requires a plugin that is not installed: a yellow bar at the top of the page with a link to install the plugin on the right, and a blue icon on the left.

Legitimate Firefox warning for a missing Adobe Shockwave plugin

On allostreaming.biz (French language), the fake warning is for a “missing” VLC plugin. You can tell that the warning is part of the page, and not part of the browser, because the scroll bar goes to the top of the warning, whereas the real warning is above the scroll bar (see the image above).

Fake warning for missing plugin

A look at the source code shows that the warning is indeed HTML from the page:

HTML code for the fake warning

The “VLC plugin” is the classic pay-per-install bundle, where the spammer gets paid for tricking the users into installing spyware/adware.

The spammers are using the same fake warning on all browsers, which is also a giveaway as browsers other than Firefox don’t actually have the same warning for missing plugins. Anyway, the attack will likely fool users of other browsers into installing this adware/spyware.
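
The tells described above (a yellow strip at the very top of the document, plugin wording, an install link, all of it living in the page's DOM rather than in the browser's own UI) can be combined into a content-script heuristic. This is an added example, not code from the original post; the descriptor fields, thresholds and keyword pattern are assumptions, and the sample elements are constructed.

```javascript
// Added example: flag page-drawn lookalikes of Firefox's missing-plugin bar.
// A real browser notification is browser chrome and is never in the DOM, so
// any DOM element that fits this profile is page content imitating it.

// Parse "rgb(r, g, b)" / "rgba(...)" strings as returned by getComputedStyle.
function parseRgb(color) {
  const m = /rgba?\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)/.exec(color || "");
  return m ? m.slice(1, 4).map(Number) : null;
}

// Yellow-ish, including pale yellow: strong red and green, weaker blue.
function isYellowish(color) {
  const rgb = parseRgb(color);
  if (!rgb) return false;
  const [r, g, b] = rgb;
  return r >= 200 && g >= 180 && Math.min(r, g) - b >= 25;
}

const PLUGIN_TEXT = /\bplug-?ins?\b/i; // assumed keyword pattern

// el is a descriptor a content script would build from getBoundingClientRect()
// (plus scroll offset, i.e. document coordinates), getComputedStyle() and
// textContent. The field names and thresholds are this example's assumptions.
function checkInfobarLookalike(el, viewportWidth) {
  const { top, width, height } = el.rect;
  const checks = {
    topStrip: top <= 5 && width >= 0.9 * viewportWidth && height >= 15 && height <= 60,
    yellow: isYellowish(el.backgroundColor),
    pluginWording: PLUGIN_TEXT.test(el.text),
    hasLink: el.links.length > 0,
  };
  return { checks, suspicious: Object.values(checks).every(Boolean) };
}

// Constructed samples (not taken from the page described above).
const SAMPLE_FAKE_BAR = {
  rect: { top: 0, width: 1280, height: 28 },
  backgroundColor: "rgb(255, 255, 225)",
  text: "Le plugin VLC est manquant. Installer le plugin",
  links: [{ href: "https://example.invalid/setup.exe", text: "Installer" }],
};
const SAMPLE_SITE_HEADER = {
  rect: { top: 0, width: 1280, height: 50 },
  backgroundColor: "rgb(255, 255, 255)",
  text: "Accueil | Plugins | Contact",
  links: [{ href: "https://example.invalid/plugins", text: "Plugins" }],
};

console.log(checkInfobarLookalike(SAMPLE_FAKE_BAR, 1280));
console.log(checkInfobarLookalike(SAMPLE_SITE_HEADER, 1280));
```

A match only says the page is drawing something that resembles browser UI; a legitimate site banner can trip individual checks, which is why all four must hold before the element is flagged.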
