Misleading applications: How they fool the end users.
Misleading applications are applications that pretend to do one thing while doing another. A good example is rogue security software that deceives or misleads the user into thinking that there are security issues with the computer he or she is currently using and that software must be installed to remove the “threat”.
They usually use a web browser pop-up made to look like the user's Explorer window, then show it being scanned. Earlier versions just showed a small pop-up (similar to the one Windows shows when you copy or move files, except this one pretends to scan).
I've come upon this at home while surfing the internet. The websites currently open are Facebook, YouTube, and Google (three of the most visited sites in the world). Everybody I know visits these pages every now and then, and I'm pretty sure there is no malware on their sites. So there I was, looking at my profile, and noticed that one of my friends became a fan of someone. So I moved over to see what the fuss is all about. Then a few seconds later a new tab opened and showed what seemed like software scanning my supposed directory. After it finished scanning, it told me that my computer was infected with threats.
So what did I do? Naturally, I humored myself and let it run for a few minutes while laughing out loud. By the way, please don't try this unless you are prepared for the consequences.
It seems to find malware in places that don't exist. I know how I set up my computer and I know there are no files like that on my PC. Plus the drive letters are all wrong. Anyway, what you see in the picture is a web page trying and failing to bypass the web browser to show the page full screen instead of just in a tab. Also, notice the title bar on the small pop-up. When I move the pop-up window, it disappears under the tab buttons, so I know that it is part of the web page. After it finished “scanning”, it gave me a report of the malware present and the option to Remove or Cancel.
So what did I do next? You've guessed it. I clicked on the equivalent of 'yes'.
So the download begins. The makers of this software were good enough to add a script that would automatically execute the file upon completion of the download. But then, my PC doesn't know what to do with the file. It is at this point that I got bored and cancelled:
It just comes back again and again. This is where they got me. I cannot stop the pop-up from coming back. I cannot close the tab. And finally, when I closed the browser window and reopened it, all the toolbars were gone! Oh well, I just deleted the file that saves the last view/configuration of the software and things were back to normal. Yay!
In the corporate world, administrators want to be in control of the PCs on their network, and we should be. It is our heads that are on the line when it comes to the integrity of the system. Users who may not have access to the AV, for fear that they would disable it, may think that there is no AV installed, since we've hidden the icon and they probably don't bother looking it up in Programs. Clicking on these supposed anti-malware tools to install them then seems like the responsible thing to do. They would just see what appears to be their file explorer running with an AV looking into their system and finding all these nasty things in it. Some malware would also give them the impression that it finds things that the current AV cannot. Blocking these websites or keywords only works for a little while, until these companies get a new name and web host and go at it again.
Aside from having antivirus software installed and strictly kept up to date, and aside from the information given for their awareness, allowing end users to change their desktop and Explorer appearance, or having your company replace the default appearance with a non-standard one, would add another layer of protection, though an extremely thin one. If an Explorer window shows up without their non-default text and color scheme, it should give them cause for alarm. I cannot be certain of the countermeasures for this, as I cannot control what each end user does to their PC. Programmers of misleading applications always find new ways to fool users, and sooner or later they will probably be good enough at it to fool enough users on your network to cause major problems. Just be glad that they haven't copied the appearance of well-known AVs on the market and gotten away with it... or have they?
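One way to turn the tells described above (paths on drive letters that don't exist on the machine, a "scan report" ending in a Remove/Cancel prompt) into a check a defender or an aware user could run over the text of a page, as an added example that is not from the original post; the phrase list, the scoring threshold and the sample page text are constructed assumptions:

```python
import os
import re
import string

# Constructed sample of the text of a fake "scanner" page; not taken from any real site.
SAMPLE_PAGE_TEXT = """
My Computer - Scanning...
Scanning E:\\Windows\\System32\\drivers\\etc\\hosts ... Fake.Threat.A found
Scanning F:\\Program Files\\Common Files\\svchost.exe ... Fake.Threat.B found
Scanning C:\\Users\\Public\\readme.txt ... clean
WARNING: Your computer is infected! 2 threats detected.
Click Remove to download and install Antivirus Pro now, or Cancel to stay unprotected.
"""

# Phrases typical of scareware pages like the one in the post (assumed list, lowercase).
SCAREWARE_PHRASES = (
    "your computer is infected",
    "threats detected",
    "download and install",
    "stay unprotected",
)

# Matches a Windows drive-letter path prefix such as "E:\".
DRIVE_PATH_RE = re.compile(r"\b([A-Za-z]):\\")


def local_drive_letters():
    """Best-effort list of drive letters that exist on this (Windows) machine; empty elsewhere."""
    return [d for d in string.ascii_uppercase if os.path.exists(f"{d}:\\")]


def analyze_scan_page(text, local_drives):
    """Score page text for fake-scanner signals.

    local_drives: drive letters that really exist, e.g. ["C", "D"].
    Returns the phantom drives the page "scanned", the scareware phrases
    matched and a verdict. The threshold (any phantom drive, or two or
    more phrases) is an assumption for this example, not from the post.
    """
    known = {d.upper() for d in local_drives}
    referenced = {m.group(1).upper() for m in DRIVE_PATH_RE.finditer(text)}
    phantom = sorted(referenced - known)
    lowered = text.lower()
    phrases = [p for p in SCAREWARE_PHRASES if p in lowered]
    suspicious = bool(phantom) or len(phrases) >= 2
    return {"phantom_drives": phantom, "phrases": phrases, "suspicious": suspicious}


if __name__ == "__main__":
    print(analyze_scan_page(SAMPLE_PAGE_TEXT, local_drive_letters() or ["C"]))
```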