Internet Security: Common Browser-Based Attacks to Avoid at Any Cost


by Darko Johnson



Don’t fall victim to the attacks described below. It’s ultimately you who decides whether you’ll let hackers access your computer or compromise your account. So make an informed decision by reading and implementing the methods and advice in the post below.


Facebook Phishing – To Access the Video, Please Login

Some of your friends might post a video like this on your wall:

facebook-phishing-1

Oh cool, a hot chick video. Click. Here’s what happens after you click:

facebook-phishing-2

A new window will appear prompting you to enter your username and password. If you’re in a rush, you probably WON’T notice the URL above.

Well, that’s what happened with many Facebook users on May 29th. The name of this phishing attack is “Most Hilarious Video Ever.” If you were a victim of this attack, your account was compromised.

Do you want to run that Java Applet? It comes from a trusted source…NOT!

So you want to run some cool game or online app in your browser. Before you do that, the website is asking you to run a Java Applet:

java-exploit-1

If you’re like most casual surfers, you might say: “Why not?” and proceed by clicking on “Run.”

BIG MISTAKE. See what happens after that:

java-exoloit-2

Yes, several files are created in your Temp folder, including one .exe file which is probably a dangerous virus. Java apps can do nasty things on your computer. That’s why browsers give you ‘danger’ windows like the one above.

Do not download .exe files from Facebook (apps)

The screenshot below is from a malicious Facebook application that asks you to ‘update your video software’ by installing a brand new FLV player:

facebook-exe

Why would they REALLY ask you to download an FLV player? Is there a virus in it? In this case, no. The reason is money. Every time you download the software (FLV Direct Player), the owner of the Facebook app will get money for that. It’s called PPI (pay per install).

After a bit of research, I found they get $1.5 for each new installation. So if 1000 people download and install that FLV player, the owners of the Facebook app get $1500:

flv-payout-ppi

Rogue Antivirus – Would you Like to Download Anti-virus That is ACTUALLY a Virus?

This has happened to me twice so far. I would be searching for a particular topic on Google and then click on a search result and see a page come up that looks like a Microsoft security scan.

fakescan

THIS IS A FAKE SECURITY SCANNER. There is NO WAY for a security scanner or an anti-virus to run in your browser without your permission. After this ‘scanning’ is done, you’ll usually get a window saying your computer is infected:

threads-detected

After that, you get prompted to download an .exe file which is the magical antivirus that will remove the infections. Unfortunately, the file you’ll download actually contains a virus, and if your computer wasn’t infected before, it will be now.

Another common screen you may get is this:

One Key Lesson to Learn:

Who’s most likely to fall victim to these attacks? It’s the person with the lowest attention span.

Bad news: We ALL have low attention spans. Hackers are using this to make us click “Run” and execute a Java applet without seeing the URL, or enter our login information without looking at the beginning of the URL and realizing it’s an unknown website.

The key lesson is: If you get a suspicious message or request (like the ones above), SLOW DOWN and say: “Wait a minute. This doesn’t seem right. Let me check the URL. Or can anti-virus programs really scan my computer via the browser?” So sustaining your attention is the key to protecting yourself from these kinds of attacks.
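Here is what “let me check the URL” means when you do it carefully, as an added example that is not part of the original post. The expected site list and the sample URLs are constructed for illustration (the .example names are placeholders), and checkLoginUrl is a made-up helper name.

```javascript
// Added example, not from the original post.
// Assumption: the only site we expect to log in to here is facebook.com.
const EXPECTED_HOSTS = ["facebook.com"];

// Returns { ok, reason } for the URL shown in a login window.
function checkLoginUrl(rawUrl, expectedHosts = EXPECTED_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { ok: false, reason: "not a valid URL" };
  }
  // A password form on plain HTTP can be read or altered in transit.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Anything before an "@" is login data, not the site name.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "site name hidden behind '@'" };
  }
  // The real site is the END of the host name, so compare from the right.
  // (URL already lower-cases the host; drop a trailing dot if present.)
  const host = url.hostname.replace(/\.$/, "");
  const belongs = expectedHosts.some(
    (h) => host === h || host.endsWith("." + h)
  );
  return belongs
    ? { ok: true, reason: "expected site" }
    : { ok: false, reason: "unknown host " + host };
}

// Constructed sample URLs as they might appear in a login window.
const samples = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com.video-login.example/login.php",
  "https://facebook.com@video-login.example/login.php",
  "https://video-login.example/facebook.com/login.php",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK     " : "REJECT ") + s + "  (" + r.reason + ")");
}
```

Only the first sample passes. The others all contain the words “facebook.com” somewhere, which is exactly what a rushed glance at the address bar picks up.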
