Saturday, June 30, 2012

If malware authors ever learn how to spell we're all screwed - the coming HTML5 malware apocalypse

Forgive the lousy screenshot and transparency in the title bar, but I just got this fake virus popup while searching for an image. I admit for a single moment my heart jumped.
A very scary fake virus popup
Then, after a few seconds, I thought about it as a techie (and note that all these observations happened all at once in my head, in no particular order):
  • The dialog is perfectly centered in the browser. I'm not sure why this was my #1 tipoff, but for me, it was the first thing I noticed.
  • This "popup" was the result of a browser navigation. If it were legit I'd expect it to happen a little more asynchronously.
  • The misspelling "migth" in the popup.
  • The fonts in the column headers are anti-aliased with one technique and the rest of the text doesn't use ClearType while my machine does.
  • Poorly phrased English: "You need to clean your computer immediately to prevent the system crash."
  • There's no option other than "Clean computer." No ignore, repair, quarantine.
  • The word "computer" at the end of the first line goes too far to the right of the grid's right margin. It should have wrapped to the next line. Yes, I'm a UI nerd.
  • Their Aero theme color is GRAY and mine is BLUE.
  • Ctrl-Scroll ZOOMs the image. ;)
  • The URL is obvious nonsense.
  • Adware.Win32.Fraud? Seriously?
It's scary just to look at, floating in your webpage there, isn't it?
A scary fake virus popup
How is my Mom supposed to defend against this? Windows OR Mac (or tablets), the bad guys are out there, and one day they will finally learn English and put a little work and attention to detail into these things.
One day these things won't be "selectable" to prove to us that they are HTML:
I selected the virus to make it invert its colors to prove it's fake
As we enable HTML5 with local storage, geolocation and other features, the bad guys will start doing the same with their malware. Google Offline Mail and extensions run in my browser now; what's to say some future malware won't? Should we digitally sign HTML5 apps? Do more Extended Validation SSL Certificates? How do you defend against this?
What do you think, Dear Reader?


© 2012 Scott Hanselman. All rights reserved.

