September 25, 2008

Fake Windows warnings continue to trick users

Study: Pop-ups are a growing security threat

Robert McMillan

Psychologists at North Carolina State University have found that computer users struggle to distinguish between fake Windows warning messages and the real thing.

In an experiment that tested the responses of 42 web-browsing university students, they found that almost two-thirds of them - 63 percent - would click 'OK' whenever they saw a popup warning, whether it was fake or not.

"Many people fall for this style of attack by not recognising the visual elements that separate real and fake warning windows," the researchers concluded in a paper delivered at an academic conference in New York this week.

That's bad news, security experts say, because fake popup messages can take you to some very bad places on the internet.

In the experiment, users tended to see the popup windows as an irritant that they needed to get rid of as quickly as possible, said Mike Wogalter, a psychology professor at North Carolina State who co-authored the study. "They really didn't think about it at all," he said.

Clicking on a fake popup window can take you to a website you may not have intended to visit, but there can be nastier results as well. In one well-known scam, victims are sent an email with a link to a web page that promises an interesting video clip. When they try to watch it, however, a popup message tells them they need to install special codec software to view the video.

In fact, the software is a Trojan downloader that then laces the victim's computer with malicious software such as keyloggers that track usernames and passwords.

To make matters worse, fake popups are increasingly found on legitimate websites, often delivered via online advertising networks, said Eric Howes, director of malware research with security vendor Sunbelt Software. "It's becoming a real problem because a few years ago, you would only see these fake popups on some of the seedier places on the internet."

Harvard Assistant Professor Ben Edelman agrees that deceptive popups are a big problem. "These are widespread, particularly when you stop one notch below the very fanciest news sites," he said. "If you go to MySpace or if you just run Google searches and click on results, you're likely to stumble on such ads."

While it's easy to blame users for missing bogus error messages, Wogalter said software developers who have overwhelmed their users with too many warning messages should also share the blame. "They shouldn't be putting people into this sort of position," he said.

The North Carolina State researchers said that their subjects chose the best course of action - clicking the red X 'close window' button at the top right corner to close their fake popups - just under a third of the time.

But Sunbelt's Howes said scammers are so clever these days that the 'close window' buttons are often fake too. "You can get into this sort of Alice in Wonderland desktop where nothing responds like you think it should," he said.

Users who are really concerned about a popup message should close the window from the Windows taskbar at the bottom of the screen.

Or some may feel compelled to take more drastic action. "Sometimes the safest thing to do is to kill the entire browser," Howes said.

Comments received


Mic said on Thursday, 25 September 2008

Surely hard drives should be two-tiered. Think of it. American houses have front doors that give instant access to the lounge, just like a hard drive. Sensible people have Porches. This extra ante-room denies instant access. Hard drives need a 'clearing space' which receives and filters data before it gets to the system proper, even if it means duplicating certain systems. Security software and prompts could quarantine most intruders in The Porch. Come on, it's nearly Christmas, lots of time to write this software and make a killing.

sonic said on Thursday, 25 September 2008

A lot of people already do this. It's called virtual computing. Microsoft have one called Virtual PC (it's free but doesn't work on Vista Home Premium or Basic). VMware is another. You basically run a copy of Windows inside Windows. Or better still inside Linux, then if it gets infected you just discard the changes when you close the virtual machine.

Tony said on Thursday, 25 September 2008

Why is it not a legal requirement of all websites that they thoroughly vet ALL ads before letting them onto their website and out into the public domain? This action would surely solve this problem.

Mr Mistoffelees said on Thursday, 25 September 2008

Surely the best solution is effective pop-up blocking.

I use Opera and have pop-up blocking set to "block unwanted pop-ups".

I just don't see pop-ups of this type.

James said on Friday, 26 September 2008

Opera definitely is a good solution. It doesn't block all popups but the ones that do get through display the domain of the website at the top every time, so you can see where they come from. Opera is more secure in many ways. I've got all sorts of malware through both IE and Firefox before, the worst I've gotten in two years of using Opera is some easily cleared bad cookies. Not a single virus or trojan, and I DO go to some seedy places on the internet sometimes. :P

Fred W said on Friday, 26 September 2008

The safest course is to *always* close the browser itself when one of those things pops up. I know it's a pain in the - tail - but, it's a bigger pain to try to eradicate malware or reinstall Windows or jump through hoops to clear your otherwise good name or...

redstringuitar said on Friday, 26 September 2008

Penalties should be harsher, anyone running, or allowing bad scripts to run on sites should be denied access to the web indefinitely, on top of huge fines and/or prison sentences. Innocent surfers should not have to "run the gauntlet" with these online criminals.

Sirah said on Monday, 29 September 2008

To begin with, Microsoft should be more restrained in using so many warnings: only exceptionally should IE itself or Microsoft Office make use of any of them, as it was before XP. This way users would not find warnings to be normal and would not "fall in the trap" so easily.
