
Making the most of fear and deception – rogue v ransomware (part 1)

  • January 12, 2013

RetiredTripleHelix
Gold VIP
Microsoft Malware Protection Center
 
This is the first of a two-part post.
 
Fear can be a great motivator for getting someone to act on the receipt of a message (think public health messages regarding smoking, or wearing sunscreen). Add some deception in there, and you have a powerful tool of illegitimate influence that can be used to get people to act in ways that are not in their best interest. Unsurprisingly, the same folks that bring you malware are the same folks that have no problem at all using illegitimate and deceptive fear appeals to get you to do something that they want that might not be so great for you. This post contrasts two types of malware that rely on fear, deception and technology in order to accomplish their ultimate goal. One type is increasing in prevalence, and another is on the way down (but certainly not out).
A number of years ago, the MMPC published a blog post on the use of fear appeals and how they were used to persuade (or scare) users into taking a particular action of the malware creator’s choice. Here’s the definition of a fear appeal from that post:
 
Full Article
 
TH

1 reply

RetiredTripleHelix
Gold VIP
This is the second of a two-part post, and continues from "Making the most of fear and deception – rogue v ransomware (part 1)".
Ransomware’s approach is aggressive. It uses fear to motivate an affected user to pay a fee (usually not with a credit card but using another payment system – Green Dot Moneypak, Ukash, and others). It generally uses only one deceptive message and is quite specific: you receive a message, supposedly from the police or some other law-enforcement agency accusing you of committing some form of crime. Commonly, these messages accuse the receiver of crimes associated with copyright violations (for example, downloading pirated software or other digital intellectual property) and/or the possession of illicit pornographic material. And if this threat isn’t enough, it backs the message up by rendering the system unusable, presumably until the fine is paid.
In a way, the messages are reasonably savvy. Downloading pirated or illegal copies of software or other material is quite common if you believe the hype (I don’t have figures that would allow me to comment more); however, I guess it’s conceivable that many of the receivers of such messages might be more likely to believe them if they have participated in this kind of activity in the past. As regards the possession of illicit, illegal and socially-reprehensible pornography, I can’t imagine too many people reporting these false allegations to the police or taking their computers to friends, family or professionals for repair considering the risk of being misjudged a deviant.
 
Full Article
 
TH
