[+] Wayc0de's Blog[+]

15/09/11

Will Windows 8's new interface herald full-screen scareware?

Microsoft has designed a new user interface for Windows 8, with an emphasis on bright colours and friendliness.

Personally, the interface (dubbed "Metro") reminds me of a child's toy.

Windows 8 and Simon toy

One of the interesting features of the Metro user interface is that apps are designed to be full-screen, without any surrounding furniture. That means you won't see scroll bars and the like, unless you interact with the interface.
One has to wonder whether this will lead to a wave of new scareware/fake anti-virus attacks.

Currently, malicious hackers poison webpages to display what appears to be a warning about malware found on your computer - tricking users into downloading software. The initial alert pops up in your web browser.

Fake anti-virus alert

These phony alerts have proven to be a very effective way for cybercriminals to fool users into installing their malicious scareware. And it's very likely we'll continue to see hackers trick your browser into displaying bogus warning messages

But, with Windows 8, these browser-based fake anti-virus warnings will be shown full-screen, without the tell-tale signs that you're in a browser, meaning it may be even easier to convince a victim into believing he is viewing genuine security alert from the operating system rather than simply a webpage pretending to be one.
Some will argue, no doubt, that Window 8's Metro simplistic interface is a sign of progress, making the use of computers less threatening to those who are currently put off by complicated GUIs.

But these are the very people who are, perhaps, most likely to be tricked into believing that a fake anti-virus alert is genuine and blindly do whatever the computer screen is advising them to do.

It will certainly be interesting to see how cybercriminals evolve their social engineering attacks to take advantage of a Windows 8 Metro-interfaced world.
One thing we've already seen is how Microsoft has - after many years - revamped their infamous blue screen of death. Now it's a cute screen of death instead (and a slightly different shade of blue).

Blue screen of death - is this progress?

Wow, that's real progress..

One wonders if the blue screen itself will be an all too attractive disguise for scammers and malicious hackers.

Will they attempt to duplicate the look of the now oh-so-friendly blue screen of death by popping it up in full screen browser sessions, tricking users into making bad decisions?

One thing we can be sure of - if the bad guys think they will make money effectively this way, they'll do it.

nb : nakedsecurity.sophos

Tidak ada komentar:

Posting Komentar