I was doing a random Google search and came across this web page (URL withheld, because, well, because.):
Immediately after this, I get a pop up box:
Well, I immediately went to my sandbox virtual machine (one that gets wiped clean after it gets swine flu) and tried it out:
And just like that: boom, file downloading. Then *boom*, the malware was blocked by our Cisco SourceFire Advanced Malware Protection. #winning!
This attack vector is particularly effective. You see a page of gibberish, get a prompt, and install a file from an official-looking popover, complete with the Google logo.
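As an added illustration (not code from the original post or from 24/7 Networks), here is a small JavaScript triage function that scores fetched page source for the markers described above: a fixed full-page overlay, an "Install"/"Update" call to action, a borrowed brand logo, a link to an executable, and a scripted click that starts the download by itself. The indicator list, weights, threshold, and both sample pages are constructed assumptions for illustration.

```javascript
// Added example: heuristic triage of a page's source for the "official-looking
// popover that pushes a download" lure. The indicators, weights and threshold
// below are assumptions chosen for illustration, not from the original post.

const INDICATORS = [
  {
    name: "full-page fixed overlay",
    weight: 2,
    // A fixed element with a very high z-index is how a lure sits on top of
    // the real page content.
    test: (src) =>
      /position\s*:\s*fixed/i.test(src) && /z-index\s*:\s*\d{3,}/i.test(src),
  },
  {
    name: "install/update call to action",
    weight: 2,
    // Button or link text that tells the user to install or update something.
    test: (src) =>
      /<(?:button|a)\b[^>]*>[^<]*\b(?:install|update)\b[^<]*<\/(?:button|a)>/i.test(src),
  },
  {
    name: "borrowed brand logo",
    weight: 1,
    // Image alt text naming a vendor the page does not belong to.
    test: (src) => /alt\s*=\s*["'](?:google|microsoft|adobe|chrome)["']/i.test(src),
  },
  {
    name: "executable download target",
    weight: 3,
    // href/src/location pointing at a file type that executes when opened.
    test: (src) =>
      /(?:href|src|location(?:\.href)?)\s*=\s*["'][^"']*\.(?:exe|msi|scr|hta|bat|dmg|pkg)\b/i.test(src),
  },
  {
    name: "scripted click or redirect",
    weight: 2,
    // The download starts without the user doing anything.
    test: (src) => /\.click\(\)|location\.(?:assign|replace)\(/i.test(src),
  },
];

const THRESHOLD = 6; // assumption: roughly two strong indicators together

// Returns the matched indicator names, their summed weight, and a verdict.
function triagePage(src) {
  const matched = INDICATORS.filter((ind) => ind.test(src));
  const score = matched.reduce((sum, ind) => sum + ind.weight, 0);
  return { score, hits: matched.map((ind) => ind.name), suspicious: score >= THRESHOLD };
}

// Constructed sample: the kind of lure page the post describes.
const LURE_PAGE = `
<div style="position:fixed;top:0;left:0;width:100%;height:100%;z-index:9999;background:#fff">
  <img src="/img/logo.png" alt="Google">
  <p>Your browser is out of date. Update to continue.</p>
  <a id="get" href="/dl/update_installer.exe" download>Install Now</a>
</div>
<script>setTimeout(function () { document.getElementById("get").click(); }, 1500);</script>`;

// Constructed sample: an ordinary page with a legitimate document download.
const BENIGN_PAGE = `
<header><img src="/img/logo.png" alt="Example Corp"></header>
<p>Quarterly report: <a href="/files/q3-report.pdf">download the PDF</a></p>
<form method="post"><button type="submit">Update profile</button></form>`;

console.log("lure:  ", JSON.stringify(triagePage(LURE_PAGE)));
console.log("benign:", JSON.stringify(triagePage(BENIGN_PAGE)));
```

Run it with `node`. The lure sample trips all five indicators (score 10), while the benign page only trips the "Update profile" button (score 2) and stays below the threshold, which is the point: a download link or an "Update" button alone is normal, it is the combination with an overlay, a borrowed logo, and an unattended click on an executable that marks the lure. Plain regexes like these will miss obfuscated or dynamically assembled scripts, so treat the output as a triage aid alongside the malware blocking mentioned above, not a replacement for it.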
I really think that this is the insurmountable security problem that we (the collective we) need to work towards solving. In everyone's crazy day, moving from one tab to another, multitasking with 8000 parallel tasks, who would notice that an install button popped up to the front and an installer downloaded to a task bar?
I work in network security, and it took my pea-brain a tick or two to raise the red flag. For people who aren't looking out for this, this is how stuff gets through. In this case, our firewalls blocked it, but if a bad actor were trying to spear-phish someone with custom malware or a very targeted malicious app, it could be game over. These attacks are everywhere, and it is more important now than ever to be on the lookout for them.
I think one of the non-technical answers to these problems is user education. The information out there is good, but it doesn't teach users to "spot the bad". Nothing can block 100% of the technical risk, but if we have employees who are always on the lookout for these types of attacks, then the awesome technical products can round out a solid defense.
At 24/7 Networks, one of the things that we do is share these types of attacks internally (via email and Cisco Spark), and provide a quick narrative about how it's out to get us. While that doesn't solve everything, it's a really good way to make sure our user base is educated about what's coming in via email and arriving through the web.
If you take away one thing from this article, it's don't ever click on anything. Ever. And set your PC on fire. That was a joke. Please don't set your PC on fire.