How familiar are you when it comes to various ways malware is distributed over the Internet? Over time, people have become wiser and more vigilant that they can’t be easily tricked by a “Nigerian Prince” email for example. However, it doesn’t mean that cybercriminals are stopping there; it only means that these bad people have been coming up with their criminal ways in a more covert fashion.

One way a malicious user can get his hands on your data or information is by playing off your day-to-day activities. An action that you consider harmless can actually be used by an attacker to inject malicious software on your system. Check out below some of the examples on how malware can be distributed to either destroy your system or steal personal information from you.

Cut & Paste Exploit

This is the unusual case of “pastejacking” wherein a user’s copy-paste command is hijacked using Javascript code. When the user performs to copy text, a “keydown event” is triggered because of the key presses. This event waits about a second, then plants text into your clipboard. Due to the time delay, this overwrites what you’ve copied, so you end up pasting what the keydown event gave you instead of the actual text that you copied. This is considered as one of the stranger malware distribution methods since it involves something that you input in your PC, rather than something that you download or run from the Web.

So how you get around this? Whenever you’re going to copy-paste a command into an important terminal, paste it first in another program, say Notepad, and make sure that it’s going to do what you think it will. If you notice that your command has somehow “transformed” between the copy and paste event, don’t proceed or run the new result.

Fake “Download Now” Buttons

You encounter a website that contains this every time you’re searching for a downloadable program on the Internet. Of course, you’re made to believe that this is a legit download path, so you go ahead and clicked that huge and green Download Now button to download the said program. Except that it went to a different dimension, which is nothing similar to the download page that you’re hoping to get.

In this case, a “false download” may have just tricked you. Some websites that focus on distributing free and legal software (CNET for example) have advertisements around their download page. Some of these adverts will have their own Download Now button in an attempt to trick people into clicking their advert instead of going to the download link that they really want. Below is an example of that fake Download Now button found on the CNET website.

Fake Download Now buttons is one of the trickier malware distribution method existing today, as it plays on our impulsive reaction to click on the very first (or biggest) Download button that we see. When downloading software, be very careful of the site you’re currently at and make sure that you’re clicking the correct Download button.

Messages and Posts from Friends

The social media malware post is one of the most wicked malware distribution methods, as users would think it has safe content since it was sent from a trusted person. It usually starts off with your friend either having their account hacked or being tricked by the virus themselves. Once your friend’s account is infected, the virus posts instant messages or feed posts asking friends to click on a link. These can be anything from asking you to visit a website, to saying that you won a lottery, to advertising a “great new app,” which actually contains a new virus.

So how do you protect yourself from being tricked? First, if a particularly grammar-strict friend of yours sends a message along the lines of “omg u have 2 see this,” immediately suspect any links they’re trying to trick you to click. Also, if your friend posts a link to a product or an app that would seem to be odd for them to post, treat it with suspicion. To verify if your friend is a real human being, talk to them first before clicking any link. If this is on IM, chat bots are usually programmed to deny any claims that they’re a bot. To validate this, ask a question only your friend knows the answer. Then if your so-called “friend” trips up, then you would confirm that it’s a trick and the one that’s sending the link is actually a chat bot. Inform your friend about the incident so that they would take immediate action on their hacked account.

Tags: ,

This entry was posted by Staff Writer on Saturday, September 24, 2016 at 6:31:58 AM and is filed under Computer Security & Data Protection.

Leave a Response