Hey,
I'm doing a third year project about how malware gets downloaded through various web browsers whether its through exploits in the browser itself or by clicking on adverts etc.
I was just wondering if anyone can think of any unique ways malware gets embedded and downloaded? or if anyone knows of any research papers in that area?
Thanks in advance
How many times do users blindly click buttons, without reading the message?
The Vista/Win7 'feature' of UAC adds to the problem, in my opinion….
How many times do users blindly click buttons, without reading the message?
The Vista/Win7 'feature' of UAC adds to the problem, in my opinion….
Really? you think it adds to the problem? I was under the impression that it makes user's more wary of just blindly clicking accept.
How many times do users blindly click buttons, without reading the message?
The Vista/Win7 'feature' of UAC adds to the problem, in my opinion….
Really? you think it adds to the problem? I was under the impression that it makes user's more wary of just blindly clicking accept.
Every time the [average?] user wants to do something which requires admin rights (quite a bit of older software requires admin rights to even run), even if they don't quite understand why the pop-up is asking them, they click it.
Java update?
Flash player update?
Prompt to install Shockwave plugin?
(all common enough to have on most home PCs - and require the user to accept the pop-up…)
So all they would need to see on a malicious webpage is
1. the background (complete with images/text) would be darkened..
2. a pop-up asking them to run the software or not.
( both of which are simply JavaScript functions…. i.e. fake UAC prompt)
By fooling the user into thinking they are seeing a UAC prompt, they can download the malicious software onto the users PC.
The human link in the chain is always the weakest….. no matter how much security you try to enforce…
mal-flash-banners could make an interesting project