A new bit of malware has been making headway across the Internet, but is it really that big of a deal? You've probably seen the news that "Lizamoon," an SQL injection attack designed to point your browser to a piece of fake security malware, had infected hundreds of thousands of pages across the Internet. And this includes links found within Apple's iTunes itself, to a degree.
But here's the deal: In order for the script to have any noticeable effect on your computer, you have to agree to allow it to work its unhealthy magic on your system, according to WebSense (video below). Simply visiting a site with injected code only redirects your browser to another site, and the social engineering takes over from there.
The simple solution: Don't install unknown files! The more complex solution: Know what antivirus programs already exist on your system, and know what they look like when they scan for and find files. If something says you have malware on your system, and this something looks nothing like applications you already have on your system, be suspicious!
In this case, a successful Lizamoon redirect takes you to a dummy page that looks as if a large antivirus/anti-malware scan is taking place on your computer. Go figure, the scan finishes quite quickly, and a user is alerted that his or her machine might be compromised by various Trojan horse attacks and other cleverly titled malware. If a user is still playing ball, he or she can click on the simulated option to "remove" these malware apps, which then pulls up a simple download window for a "malware-removing" executable.
Still with us? Here's the deal: If you push some common sense into the mix, you'll notice that this entire process seems a bit fishy to begin with. Step one: A virus scan for Windows Explorer appears in your browser window. Step two: It finishes in lightning speed. Step three: You have to download a file (apparently via Windows Explorer, but using your browser's standard download file prompt) to finish the deal.
In short, Lizamoon can't do a thing to your system unless you let it.
The SQL injection attack on the initial site you were visiting, which itself prompts the redirect to the bogus scanning site, only works on this first web site. Lizamoon doesn't hang out in your browser, or continually redirect you to fake sites, or install itself on your computer in a manner that doesn't first require you to perform the action yourself.
And if you're already running a piece of virus- or malware-scanning software like Microsoft's Security Essentials (free), Sophos Anti-Virus (not free), or SuperAntiSpyware (free, but not a real-time scan), the file that the "Your computer is compromised!" site prompts you to download will be flagged for what it really is: Malware.
So what has Lizamoon taught consumers? Don't let your browser con you into thinking that some kind of action is magically happening on your system, don't trust this magical action if it takes less than 30 seconds to do or looks otherwise unknown to you, and run an up-to-date virus-scanner in the background of your system. Ta-da: Lizamoon defeated.
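For anyone who runs a site rather than just visits one, the server-side half of the story (code injected into the site's own pages that sends visitors elsewhere) can be checked for directly. The following is an added example, not code from this article or from WebSense: it scans stored page content for script tags that load from hosts outside an allowlist, assuming the injected code takes the form of a script tag pointing at another site. The allowlist, the host names and the sample rows are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this hypothetical site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a fragment."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # the parser lowercases tag and attribute names
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value.strip())

def external_script_hosts(fragment, allowed=ALLOWED_HOSTS):
    """Return hosts of script sources in `fragment` that are not allowed."""
    parser = ScriptSrcCollector()
    parser.feed(fragment)
    parser.close()
    hosts = []
    for src in parser.sources:
        # urlparse handles "http://host/x" and protocol-relative "//host/x".
        host = (urlparse(src).hostname or "").lower()
        if host and host not in allowed:
            hosts.append(host)
    return hosts

def scan_rows(rows, allowed=ALLOWED_HOSTS):
    """rows: iterable of (row_id, text). Returns {row_id: [unexpected hosts]}."""
    found = ((row_id, external_script_hosts(text, allowed)) for row_id, text in rows)
    return {row_id: hosts for row_id, hosts in found if hosts}

# Constructed sample rows, as they might be read from a content table.
SAMPLE_ROWS = [
    (1, "Spring catalogue <script src='https://cdn.example.com/site.js'></script>"),
    (2, "Blue widget</title><script src=http://injected.example.net/x.js></script>"),
    (3, "Plain product description with no markup"),
    (4, '<SCRIPT SRC="//Injected.Example.NET/y.js"></SCRIPT> Red widget'),
]

if __name__ == "__main__":
    for row_id, hosts in scan_rows(SAMPLE_ROWS).items():
        print(f"row {row_id}: unexpected script host(s): {', '.join(hosts)}")
```

A hit means the stored content needs cleaning and the query that wrote it needs fixing; removing the tag alone leaves the injection point open.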