Malware Writers’ New Attack Point, Google Chrome

According to renowned security researcher Ed Bott, given that Google Chrome is highly easy to use and is also an extremely secured browser, a large number of people use it; however, it opens doors for cyber-criminals to exploit the medium for executing targeted assaults. Securitynewsdaily.com published this on April 21, 2011.

Taking the reference of a study by Virus Bulletin that concluded that users of the Chrome browser have fourfold more chances of getting deceived with social engineering frauds -those which attack the end-users without going through intermediaries - than via accessing malevolent websites that carry malware, Bott said that he discovered one accurate instance of the kind lately. In that he acknowledged Kevin Dente developer of Silverlight who gave a warning. Actually Dente entered a search term "Silverlight datagrid reorder columns" in Google.com through the Chrome browser opened on Windows PCs.

Consequently, of all the search results that appeared within Google's initial list, there were many extremely safe web-links; however, the 6th one was malicious. Hitting on it produced a pop-up box, which resulted in a fundamental assault based on social engineering. There was though a twist in that. It was tailored to suit in Chrome through the use of the familiar red background of the browser that made the assault look real.

Once the fraudulent security scan was over, one more pop-up from Google Chrome appeared alerting that the user should load appropriate software.

However, the poorly-written alert provided a clue, which might lead to the attack failing for a victim who spoke English and so became suspicious. Nonetheless, for a non-English speaking victim the assault might well succeed.

The malware writer possibly expected that and felt that a victim might click the cross button within the pop-up. Incase he did so, malware still got downloaded.

Stated Bott, he wasn't astonished to find Chrome becoming a fresh attack point. Writers of malicious programs were starting towards adjusting with computer users' changing behaviors. Indeed, there wasn't anything intrinsically more secured about other Web-browsers or operating systems too therefore, when PC operators adjusted to changes, the attackers too followed suit, Bott concluded.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 4/29/2011