VPNの脆弱性に関する不安が広がっています。ZPAの60日間無料トライアルを利用して、VPNからの移行のメリットをお確かめください。

Zscalerのブログ

Zscalerの最新ブログ情報を受信

購読する
セキュリティリサーチ

Fake Missing Plugin Warnings Used For Spam/spyware

image
JULIEN SOBRIER
1月 25, 2012 - 2 分で読了
A key element for a successful spam/malicious page is to establish trust with the visitor so that he will perform the requested actions. Users trust their browser, but not necessarily the content (i.e. web page) that it displays. A trick that I've blogged about earlier, is to fool the user into thinking that certain elements on the page are actually from the browser.

Recently, I've seen several websites showing a fake warning for a missing plugin. The fake warning is designed to look the same as the real warning shown by Firefox when the page requires a plugin that is not installed: a yellow bar at the top of the page with a link to install the plugin on the right, and a blue icon on the left.

Image
Legitimate Firefox warning for a missing Adobe Shockwave plugin

On allostreaming.biz (French language), the fake warning is for a "missing" VLC plugin. You can tell that the warning is part of the page, and not part of the browser, because the scroll bar goes to the top of the warning, whereas the real warning is above the scroll bar (see the image above).

Image
Fake warning for missing plugin
A look at the source code shows that the warning is indeed HTML from the page:

Image
HTML code for the fake warning
The "VLC plugin" is the classic pay-per-install bundle, where the spammer gets paid for tricking the users into installing spyware/adware.

The spammers are using the same fake warning on all browsers, which is also a giveaway as browsers other than Firefox don't actually have the same warning for missing plugins. Anyway, the attack will likely fool users of other browsers into installing this adware/spyware.
form submtited
お読みいただきありがとうございました

このブログは役に立ちましたか?

dots pattern

Zscalerの最新ブログ情報を受信

このフォームを送信することで、Zscalerのプライバシー ポリシーに同意したものとみなされます。