3 Malware Distribution Methods You Really Need to Beware Of

How much do you know about malware distribution methods on the Internet? People are beginning to wise up to old tricks such as the “Nigerian Prince” email and, as such, aren’t falling for them as much as they used to. That doesn’t mean the malware developers have given up, however; it just means they’ve become more covert.

One way a malicious user can get access to your data is by playing off your day-to-day life routines. An action that you consider harmless and inconspicuous could actually be used by an attacker to put malicious software on your system. Here are a few examples of how malware distributors can hijack your daily routine and really ruin your day.

When you’re looking up how to enter a specific command into your Windows Command Prompt, a website displays the command, so you copy and paste it directly into the terminal. Only after you execute it do you realise you’ve pasted a totally different command into your terminal, and it’s probably doing something you’d rather it not.

This is the unusual case of “pastejacking”, where a user’s copy-paste action is hijacked using JavaScript. When the user presses the keys to copy text, a “keydown” event fires. The handler for that event waits about a second, then writes its own text into your clipboard. Because of the delay, this overwrites what you copied, so you end up pasting what the keydown handler planted rather than what you actually selected. It’s one of the stranger malware distribution methods, given that it relies on something you type into your own PC rather than something you download and run.

[Image: EverydayHabits-cmd]

Complex commands, such as the chkdsk command shown above, are easily forgotten by users. As such, people are always hunting for websites that let them copy and paste the command straight into their terminal, which gives malware distributors a great window to do their work. All they need to do is enter a particularly nasty command into the keydown handler, and you have a recipe for disaster. Even worse, it’s possible to add suffixes that auto-run the command as soon as it’s pasted, leaving you no time to realise your mistake.

So how do you combat this? When you’re going to copy-paste a command into an important terminal, paste it in something like Notepad first and make sure it’s going to do what you think it will. If you see that your command has somehow “morphed” between the copy and paste, don’t run the new result!
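The “paste it into Notepad first” check, written out as a small script. This is an added example, not code from the original article: it compares the text you highlighted with what actually landed in the clipboard, and flags the two things the article warns about (a morphed command and an auto-run suffix, which in practice is a trailing newline) plus hidden characters that would not show up in a terminal. The sample clipboard contents are constructed.

```python
import unicodedata

# Constructed, non-exhaustive set of characters that can hide or reorder
# what a pasted command does: zero-width characters, bidi overrides, ESC.
SUSPICIOUS = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff",
              "\u202d", "\u202e", "\x1b"}


def reveal(text: str) -> str:
    """Render every non-printable character visibly, the way Notepad will not."""
    return "".join(c if c.isprintable() else f"<U+{ord(c):04X}>" for c in text)


def inspect_paste(selected: str, clipboard: str) -> list:
    """Compare what the user highlighted with what is really in the clipboard.

    Returns a list of warnings; an empty list means the clipboard holds
    exactly the single command the user thinks they copied.
    """
    warnings = []
    if clipboard != selected:
        warnings.append("clipboard text differs from the text you highlighted")
    # A trailing newline is the classic auto-run suffix: the shell executes
    # the line the moment it is pasted, before you can read it.
    if clipboard.endswith("\n") or clipboard.endswith("\r"):
        warnings.append("trailing newline: the command would run as soon as it is pasted")
    lines = [ln for ln in clipboard.splitlines() if ln.strip()]
    if len(lines) > 1:
        warnings.append(f"{len(lines)} commands in clipboard, only one was expected")
    hidden = sorted({unicodedata.name(c, repr(c)) for c in clipboard
                     if c in SUSPICIOUS or unicodedata.category(c) == "Cf"})
    if hidden:
        warnings.append("hidden/control characters present: " + ", ".join(hidden))
    return warnings


if __name__ == "__main__":
    wanted = "chkdsk C: /f /r"                      # what you highlighted
    planted = 'echo "not what you copied"\u200b\n'  # constructed hijacked clipboard
    print("clipboard really contains:", reveal(planted))
    for w in inspect_paste(wanted, planted):
        print("WARNING:", w)
```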

When you’re looking for a download site for a program, you come across a website that has said program. Great! You go to download the file, click the green “Download Now” button you see, and install the program. Except, the program that opens up is nothing like the program you actually asked for.

In this case, a “false download” may have just tricked you. Some websites that focus on distributing free and legal software (such as CNET) have advertisements around their download page. Some of these adverts will have their own “Download Now” button to try to trick people into clicking their advert instead of the download they actually want. Here’s an example we found on CNET to download Malwarebytes.

[Image: EverydayHabits-downloads]

Do you see the advert at the top? If you clicked that, you definitely won’t be installing Malwarebytes; in fact, if you’re unlucky, you may need Malwarebytes to get rid of whatever that program installed on your system!

It’s one of the craftier malware distribution methods out there, as it plays on our tendency to act impatiently and click the first “Download Now” button we see. When downloading software, make absolutely sure that the button you’re clicking is the correct one, and don’t hastily click a button that says “Download Now” until you’re sure it’s the one you actually want.

When you’re using your favourite social media website, a friend contacts you. They say that someone has recorded you doing something embarrassing and send you a link. Given that they’re a best friend, you have no reason to distrust them, so you click the link. But it turns out your “best friend” is actually a chat bot set up to fool people into clicking malware links.

The social media malware post is one of the more nefarious examples of malware distribution methods, as it plays off your natural tendency to trust everything your friend sends you. It usually starts off with your friend either having their account hacked or being tricked by the virus themselves. Once your friend is infected, the virus posts instant messages or feed posts asking friends to click on a link. These can be anything from asking you to check a website, to saying they won the lottery, to advertising a “cool new app” which is actually a virus.

[Image: EverydayHabits-FriendScam]

So how do you dodge this trick? First, if a particularly grammar-strict friend of yours sends a message along the lines of “omg u have 2 see this,” immediately suspect any links they’re trying to get you to click. Likewise, if your friend posts a link to a product or an app that you’d never think they’d normally post, treat it with suspicion. To validate that your friend is actually a human being, talk to them before clicking any links they have posted. If this is on IM, chat bots are often programmed to deny any claims that they’re a bot. To tackle this, ask a question only your friend would know. If your “friend” trips up, it’s a trick! Be sure to warn your friend so they can take back their account.

Modern-day malware distribution methods are no longer the obvious ploys we’ve come to know them as. Given how information can travel the Internet at lightning speed, malware tricks can be outed moments after they’ve been released. Distributing malware is no longer about convincing people to click a link in a phishing email; it’s about hijacking a routine you’ve performed for years and leading you straight into a trap. Keep an eye out for these ploys in your daily life and stay vigilant; your “safe routine” may not be as safe as you first think!

Image Credit: How to Get Hacked on Facebook

8 comments

    • Even though I appreciate the relative safety of Linux and your devotion to it, this answer was more of a knee-jerk reaction than a helpful — or true — response. Are you suggesting that Linux users make no use of chat or IM clients? Does Linux not have a command line where someone might attempt to copy/paste the “correct” syntax for a complex command from a “helpful” website? Is JavaScript unavailable in browsers used by Linux? Do Linux users not have access to CNET or other websites which may have multiple Download buttons?

      I hope you see the point, and think it through before you respond so quickly.

  1. The Copy&Paste hijack is a protection that should probably be built into browsers along with the target="_blank" vulnerability (link below):

    https://dev.to/ben/the-targetblank-vulnerability-by-example

    Browsers are getting pretty massive but it’s also irresponsible of browser makers (especially those pushing ‘cloud’ services) not to address common phishing and other vulnerabilities in html5/js.

    • Very true. There’s a lot we can do to stop ourselves from being hit with phishing, but there’s also a lot browser developers can do to detect and block these kind of attacks.

      Nice heads-up about the _blank vulnerability, too — thanks!

  2. You left a VERY DANGEROUS and even nastier detail in the CNET download example, so obvious I was ASTONISHED that it passed you by:

    The DOWNLOAD NOW button!!!

    Everyone who has had the misfortune of using THAT button has found themselves the victim of a ‘drive by’ download… Didn’t you notice, in small letters, the terms ‘SECURE DOWNLOAD’?

    Well if you click that you WON’T get that program but a ‘secure’ downloader that is going to wrap what you are trying to get with all kinds of adware and malware…

    Folks, if you MUST use CNET to download stuff… At least look for the DIRECT DOWNLOAD link in small type, or get to the publisher’s webpage directly and download from there.

  3. Looking for a particular word game (Word Travels) that I had already purchased, I could not download it again (new laptop). I found it on “BIGFISHGAMES.COM” – I paid for it by credit card and it would not download to my computer. After numerous attempts, they offered me different games; I refused and wanted my refund.

    HUUUUGE MISTAKE. They got ticked off when I kept asking for my refund, and I ended up with malware.
    Note to anyone purchasing games from this site: BEWARE.

    janvag
