Forgive the lousy screenshot and transparency in the title bar, but I just got this fake virus popup while searching for an image. I admit for a single moment my heart jumped.
Then, after a few seconds, I thought as a techie (note that all of these observations happened at once in my head, in no particular order):
- The dialog is perfectly centered in the browser. I'm not sure why this was my #1 tipoff, but for me, it was the first thing I noticed.
- This "popup" appeared as the result of a browser navigation. If it were legit, I'd expect it to appear a little more asynchronously.
- The word "migth" misspelling in the popup.
- The fonts in the column headers are anti-aliased with one technique, and the rest of the text doesn't use ClearType, while my machine does.
- Poorly phrased English: "You need to clean your computer immediately to prevent the system crash."
- There's no option other than "Clean computer." No ignore, repair, quarantine.
- The word "computer" at the end of the first line goes too far to the right of the grid's right margin. It should have wrapped to the next line. Yes, I'm a UI nerd.
- Their Aero theme color is GRAY and mine is BLUE.
- Ctrl-Scroll ZOOMs the image. ;)
- The URL is obvious nonsense.
- Adware.Win32.Fraud? Seriously?
It's scary just to look at, floating there in your web page, isn't it?
How is my Mom supposed to defend against this? Windows or Mac (or tablets), the bad guys are out there, and one day they will finally learn English and put a little work and attention to detail into these things.
One day these things won't be "selectable", which is how we prove to ourselves that they are HTML:
As we enable HTML5 with local storage, geolocation, possibly native code and other features, the bad guys will start doing the same with their malware. If you can write Doom in HTML5, there's nothing (except the skill and the will) to keep you from writing adware/scareware/malware in JavaScript. Not just the standard CSRF/XSS type of JS - which is bad, I know, I used to be in banking - but sophisticated duplicates of trusted software, accurately recreated entirely in HTML5/CSS3 and today's modern JS.
Google Offline Mail and extensions run in the background in my browser now; what's to say some future malware won't? Should we digitally sign HTML5 apps? Issue more Extended Validation SSL certificates? How do you defend against this?
What do you think, Dear Reader?
© 2012 Scott Hanselman. All rights reserved.