Bait and CAPTCHA: How Malware Can Change Your Computer Screen
Italian security researcher Rosario Valotta has discovered — or rather, rediscovered — a trick that would let cybercriminals alter aspects of your computer screen to trick you into downloading malware or disguise other undesirable activities.
The trick, called "keyjacking," falls under a general category of Internet trickery known as "abusing browser interfaces" or "user interface redressing." In this instance, "redressing" is used in the same sense as someone putting on a different set of clothes.
Valotta's findings focus on a specific type of redressing on Internet Explorer running on Windows 7 or 8. On those systems, before the browser runs a downloaded program, it shows a prompt asking the user to confirm the action by choosing "Run," "Save" or "Cancel."
That prompt is what stops a downloaded program from executing without the user's express permission.
However, Valotta said it's possible for cybercriminals to disguise this permission prompt by "dressing" it in what looks like a CAPTCHA whose first character is the letter "R."
Because keyboard focus sits on the hidden prompt rather than on the visible CAPTCHA, the browser interprets the user's press of the "R" key as the hotkey for the "Run" button, which gives the malicious program permission to execute on the computer.
Keyjacking is similar to "clickjacking," in which scammers lay an invisible element, such as a framed button or link leading to malware or another dubious site, over what looks like a harmless page.
The user thinks they're clicking a perfectly good link or button, when in fact the click lands on an invisible object that they couldn't see but the computer could.
With keyjacking, it's a key press instead of a click that triggers an effect other than the one your screen would lead you to expect.
These types of tricks are possible because what you see on a computer screen is a graphical rendering of back-end computer processes. Called a graphical user interface, or GUI, it's designed to be a middle ground between the computer's processes and a human's mind.
By targeting and altering GUIs, cybercriminals can make it so that communication between computers and their users is lost in translation.
These types of attacks are difficult to defend against: Users only have a few options, and none of them are infallible, Valotta said.
If you use Internet Explorer on a computer running Windows 7 or 8, you can use the SmartScreen Filter, which checks whether a download is known to be malicious. However, SmartScreen only blocks files it already recognizes; malware it hasn't yet learned about, especially new samples, will still get through, and the filter does nothing about the disguised prompt itself.
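Since the article's one practical recommendation is to keep the SmartScreen Filter turned on, here is a small check an administrator can run on a Windows 7 or 8 machine to confirm it. This is an added example, not code from the article or from Valotta's research. It assumes the per-user setting lives at HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter (value EnabledV9) and that a Group Policy override, when present, lives under HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter; the function and message names are mine.

```powershell
# Added example (not from the original article). Reports whether Internet
# Explorer's SmartScreen Filter is on for the current user, and whether a
# machine-wide policy is forcing the setting either way.
#
# Assumed registry locations (documented for IE9+; verify on your build):
#   HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter            EnabledV9 = 1 (on) / 0 (off)
#   HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter   EnabledV9 policy override
function Get-IESmartScreenStatus {
    $userKey   = 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter'

    $userValue   = (Get-ItemProperty -Path $userKey   -Name 'EnabledV9' -ErrorAction SilentlyContinue).EnabledV9
    $policyValue = (Get-ItemProperty -Path $policyKey -Name 'EnabledV9' -ErrorAction SilentlyContinue).EnabledV9

    # A policy value, when present, wins over the user's own choice.
    if ($null -ne $policyValue) {
        $effective = [bool]$policyValue
        $source    = 'Group Policy'
    } elseif ($null -ne $userValue) {
        $effective = [bool]$userValue
        $source    = 'user setting'
    } else {
        # No value written yet: IE has not prompted the user, so treat as unknown.
        $effective = $null
        $source    = 'not configured'
    }

    [pscustomobject]@{
        SmartScreenEnabled = $effective
        Source             = $source
        UserValue          = $userValue
        PolicyValue        = $policyValue
    }
}

# Usage: print the status and flag machines where the filter is off or unset.
$status = Get-IESmartScreenStatus
$status | Format-List
if ($status.SmartScreenEnabled -ne $true) {
    Write-Warning "SmartScreen Filter is not confirmed enabled ($($status.Source)); enable it in IE's Safety menu or via policy."
}
```

Run it in a normal (non-elevated) PowerShell session so HKCU reflects the logged-on user; reading the HKLM policy key does not require elevation. Remember that a green result here only means known-bad downloads will be flagged; it says nothing about whether a user can be talked into pressing "R."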
"At the end of the day, merely no limitations exist for [keyjacking] attacks," Valotta said on his website.
For more detail on how the Internet Explorer trick looks, you can visit Valotta's website, where he's posted PowerPoint slides illustrating the way keyjacking is perpetrated on Internet Explorer.