
Malicious images (codes)

Introduction

One popular way to trick users into infecting themselves is to use links in emails. However, criminals are constantly looking for new ways to trick us. In this article, we shall examine a new one.

Background

In recent years, the most popular way to spread malicious software has been through web sites. Many different techniques are used, and several of our previous articles have discussed these. Among the more common types are

  • the real link in an email is different from the one that is displayed,
  • the link is similar to the domain name of a trusted site (e.g. microsoft.com vs. micorsoft.com),
  • the link is a shortened URL, which may not show the real destination (e.g. http://bit.ly/pMpKlt),
  • the link goes to a legitimate web site, which is under the control of a criminal, and serves malware without the owner's knowledge,
  • the link goes to a legitimate web site, which uses a third-party advertisement system, and the advertisements are infected by malware.

The list could easily have been made longer!

A new scheme

However, the criminals' imagination for finding new techniques to trick users seems endless.

A blog post from our colleagues at Kaspersky showed last week how QR codes were used as a vehicle for spreading malware.


 

A QR code (short for "Quick Response code") like the one above is an ISO standard for displaying information. It is increasingly used for e.g. product identification and tracking of devices. QR codes cannot be read by humans, but they can easily be read by computers, including mobile devices. There are many apps available for smartphones that can read QR codes. The codes can also include links to e.g. web sites, which open automatically.

If you have a smartphone, you may be able to let the phone read the QR code above, and you will soon see one of the pages on Norman's web site. However, the image could just as well link to a malicious web page that attempts to infect your phone.

The blog post mentioned above shows an example of a real-life situation where a QR code was used to install a trojan on smartphones running the Android operating system.

What to expect?

Malware for mobile devices is increasing. The ease with which QR codes that link to web pages can be created implies that this will be a popular way to propagate malware for these devices.

The challenge for the criminals will be to invent schemes that trick users into using their smartphones to scan a malicious QR code. Expect some clever social engineering schemes to appear.

Imagine for example:

  • a tempting advertisement placed under your car's windscreen wiper with a QR code for more information,
  • QR codes on products substituted by malicious codes,
  • QR codes on web pages or in emails advertising e.g. cool apps for smartphones,
  • malicious QR codes on posters about anything that may catch your attention.

Some smartphones/apps have protection mechanisms against this type of scheme. Whenever a QR code has an embedded link, some form of confirmation is required before the link is processed on the phone (and malware executed). Criminals who attempt to use malicious QR codes may in that case try to circumvent the protection by using the technique mentioned above, with a malicious URL that closely resembles a trusted one.
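
As an added illustration (not part of the original article, and not code from any particular scanner app), the sketch below shows what a confirmation step could check on a decoded QR payload before asking the user to open it: whether it is a web link at all, whether it is a shortened URL, and whether its domain closely resembles a trusted one. The trusted and shortener lists, the function names and the distance threshold of 2 are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumed lists for illustration; a real scanner would maintain its own.
TRUSTED = {"microsoft.com", "example.org"}
SHORTENERS = {"bit.ly", "tinyurl.com"}


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Naive last-two-labels domain; ignores suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def assess_qr_payload(payload):
    """Return warnings to show in the confirmation prompt (empty = none)."""
    parts = urlsplit(payload.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ["not a web link"]
    warnings = []
    domain = registered_domain(parts.hostname)
    if domain in SHORTENERS:
        warnings.append("shortened URL, destination unknown")
    if domain not in TRUSTED:
        # A near miss to a trusted name is more suspicious than an
        # unrelated name: it suggests deliberate imitation.
        for good in sorted(TRUSTED):
            if edit_distance(domain, good) <= 2:
                warnings.append(f"looks like {good}")
    return warnings


if __name__ == "__main__":
    # Constructed sample payloads, using the examples from the article.
    for p in ("http://www.micorsoft.com/update", "http://bit.ly/pMpKlt",
              "https://www.microsoft.com/"):
        print(p, "->", assess_qr_payload(p))
```

A prompt that shows the full decoded URL together with these warnings gives the user something concrete to judge, instead of a bare "Open link?" question.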