Beware the click-jacking Captcha of Evil!
Subject: General Tech | July 2, 2013 - 01:29 PM | Jeremy Hellstrom
Tagged: Malware, IE10, chrome, security
Just in case you weren't already getting tired of captchas there is a new click-jacking technique which works on both IE9 and 10 in Windows 7 and also on Chrome for Windows 8 so for the time being you might want to avoid any captchas that begin with an 'R'. The new Smartscreen features on Win8 as well as UAC should give you at least some defense and require you to allow the exectuable to run and infect your machine but you can be guaranteed that some less observant users will click straight through without reading the messages which appear. While this type of attack is nothing new, the particular technique mentioned at The Register does have some new tricks.
"A security researcher has discovered a sneaky social engineering trick that might be used to disguise the go-ahead to run hostile code on Windows 8 machines.
The so-called keyjacking technique, uncovered by Italian security researcher Rosario Valotta, is similar to clickjacking. However, instead of fooling marks into generating fake Facebook likes, the keyjacking involves disguising a "run executable" dialogue box within a CAPTCHA challenge."
Here is some more Tech News from around the web:
- Microsoft's murder most foul: TechNet is dead @ The Register
- ASUS USB-AC53 Dual-band Wireless-AC1200 Adapter Review @ Legit Reviews
- Last Call: Google Reader Dies Monday, Here Are The Best Alternatives @ TechSpot
- Genius DVR-FHD590 Dash Camera Vehicle Recorder @ Benchmark Reviews
- More Great Linux Awk, Sed, and Bash Tips and Tricks @ Linux.com
- Apple applies for 'iWatch' trademark in multiple countries @ The Inquirer
- VR-Zone Posts Intel SSD 5Q Roadmap – LSI SandForce Based 530 and 1500/2500 Pro M.2 SSDs On The Way
- Firefox Takes the Performance Crown From Chrome @ Slashdot
- Ninjalane Podcast Episode 30
- AT&T patents P2P content tracking system @ The Register
- July 2013 Contest - WIN an Apple iPad Mini 32GB @ Funky Kit
Get notified when we go live!