3 Malware Distribution Methods You Really Need to Beware Of

How much do you know about malware distribution methods on the Internet? People are beginning to wise up to old tricks such as the “Nigerian Prince” email and aren’t falling for them as much as they used to. That doesn’t mean the malware developers have given up, however; it just means they’ve become more covert.

One way a malicious user can get access to your data is by playing off your day-to-day life routines. An action that you consider harmless and inconspicuous could actually be used by an attacker to put malicious software on your system. Here are a few examples of how malware distributors can hijack your daily routine and really ruin your day.

When you’re looking up how to enter a specific command into your Windows Command Prompt, a website displays the command, so you copy and paste it directly into the terminal. Only after you execute it do you realise you’ve pasted a totally different command into your terminal, and it’s probably doing something you’d rather it not.

This is the unusual case of “pastejacking”, where a user’s copy-paste action is hijacked using JavaScript code. When the user goes to copy text, a “keydown” event is triggered by the key presses. The page’s handler for this event waits about a second, then plants text into your clipboard. Due to the time delay, this overwrites what you’ve copied, so you end up pasting what the keydown handler gave you rather than what you actually copied. It’s one of the stranger malware distribution methods, given it’s something you input into your own PC rather than something you download and run.

[Image: EverydayHabits-cmd]

Complex commands, such as the chkdsk command shown above, are easily forgotten by users. As such, people are always hunting for websites that allow them to copy-paste the command straight into their terminals, which gives malware distributors a great window to do their work. All they need to do is put a particularly nasty command into the keydown handler, and you have a recipe for disaster. Even worse, it’s possible to add suffixes that auto-run the command as soon as it’s pasted, leaving you no time to realise your mistake.

So how do you combat this? When you’re going to copy-paste a command into an important terminal, paste it in something like Notepad first and make sure it’s going to do what you think it will. If you see that your command has somehow “morphed” between the copy and paste, don’t run the new result!
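The "paste it into Notepad first" check can also be done programmatically. The sketch below is an added example, not code from the original article: it compares the command you meant to copy with what is actually on the clipboard and flags the auto-run line break described above. The function names, finding codes and sample strings are all constructed for illustration.

```javascript
// Added example, not from the original article. Names and samples are constructed.
const CHECKS = [
  ["LINE_BREAK", /[\r\n]/, "line break: the shell runs the text as soon as it is pasted"],
  ["CONTROL_CHAR", /[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f]/, "non-printing control character"],
  ["INVISIBLE_CHAR", /[\u200b-\u200f\u202a-\u202e\u2060\ufeff]/, "zero-width or direction-override character"],
];
// Operators that start another command (cmd.exe, PowerShell, POSIX shells).
const CHAINING = /&&|\|\||[&|;]/;

// Render characters a terminal would hide as visible escapes.
function visualize(text) {
  return text.replace(/[\u0000-\u001f\u007f\u200b-\u200f\u202a-\u202e\u2060\ufeff]/g, (ch) => {
    if (ch === "\n") return "\\n";
    if (ch === "\r") return "\\r";
    if (ch === "\t") return "\\t";
    return "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0");
  });
}

// expected: the command as displayed on the page; clipboard: what is about to be pasted.
function inspectPaste(expected, clipboard) {
  const findings = [];
  if (clipboard !== expected) {
    findings.push({ code: "MISMATCH", why: "clipboard differs from the command you selected" });
  }
  for (const [code, pattern, why] of CHECKS) {
    if (pattern.test(clipboard)) findings.push({ code, why });
  }
  if (CHAINING.test(clipboard) && !CHAINING.test(expected)) {
    findings.push({ code: "EXTRA_COMMAND", why: "chains a command that was not in the original" });
  }
  const codes = findings.map((f) => f.code);
  return { safe: findings.length === 0, codes, findings, shown: visualize(clipboard) };
}

// Constructed samples: a chkdsk command and a harmless stand-in for swapped clipboard text.
const expected = "chkdsk C: /f /r";
const swapped = "echo constructed-replacement & echo second-command\r\n";
console.log(inspectPaste(expected, expected));
console.log(inspectPaste(expected, swapped));
```

The `shown` field prints the clipboard with line breaks and invisible characters written out, which is the same thing you are looking for when you paste into Notepad.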

When you’re looking for a download site for a program, you come across a website that has said program. Great! You go to download the file, click the green “Download Now” button you see, and install the program. Except, the program that opens up is nothing like the program you actually asked for.

In this case, a “false download” may have just tricked you. Some websites that focus on distributing free and legal software (such as CNET) have advertisements around their download page. Some of these adverts will have their own “Download Now” button to try to trick people into clicking their advert instead of the download they actually want. Here’s an example we found on CNET to download Malwarebytes.

[Image: EverydayHabits-downloads]

Do you see the advert at the top? If you clicked that, you definitely won’t be installing Malwarebytes; in fact, if you’re unlucky, you may need Malwarebytes to get rid of whatever that program installed on your system!

It’s one of the craftier malware distribution methods out there, as it plays on our tendency to act impatiently and click on the first “Download Now” button we see. When downloading software, make absolute sure that the button you’re clicking on is the correct one, and don’t hastily click a button that says “Download Now” on it until you’re sure it’s the one you actually want.

When you’re using your favourite social media website, a friend contacts you. They say that someone has recorded you doing something embarrassing and send you a link. Given that they’re a best friend, you have no reason to distrust them, so you click the link. But it turns out your “best friend” is actually a chat bot set up to fool people into clicking malware links.

The social media malware post is one of the more nefarious examples of malware distribution methods, as it plays off your natural tendency to trust everything your friend sends you. It usually starts off with your friend either having their account hacked or being tricked by the virus themselves. Once your friend is infected, the virus posts instant messages or feed posts asking friends to click on a link. These can be anything from asking you to check a website, to saying they won the lottery, to advertising a “cool new app” which is actually a virus.

[Image: EverydayHabits-FriendScam]

So how do you dodge this trick? First, if a particularly grammar-strict friend of yours sends a message along the lines of “omg u have 2 see this,” immediately suspect any links they’re trying to get you to click. Likewise, if your friend posts a link to a product or an app that you’d never think they’d normally post, treat it with suspicion. To validate that your friend is actually a human being, talk to them before clicking any links they have posted. If this is on IM, chat bots are often programmed to deny any claims that they’re a bot. To tackle this, ask a question only your friend would know. If your “friend” trips up, it’s a trick! Be sure to warn your friend so they can take back their account.

Modern-day malware distribution methods are no longer the obvious ploys we’ve come to know them as. Given how information can travel the Internet at lightning speed, malware tricks can be outed moments after they’ve been released. Distributing malware is no longer about convincing people to click a link in a phishing email; it’s about hijacking a routine you’ve performed for years and leading you straight into a trap. Keep an eye out for these ploys in your daily life and stay vigilant; your “safe routine” may not be as safe as you first think!

Image Credit: How to Get Hacked on Facebook
