Familiarity with GUI and Stealthy Malware Delivery

So I recently had a thought about how browsers have natural looks to them and what makes people click buttons without thinking.

For example, if I were a Vista user I might get annoyed by the constant string of “Do you want to allow this program to make changes to your computer?” dialogues, and would probably heed these warnings less and less every time.

So taking this idea into practice, what other warnings are we very likely to deem “meh” and just click past? What “styles” of access controls do we just trust by default?

[Image: legit Firefox warning]

For example the “Server not found” dialogue is very common to a Firefox user if he uses the browser at all.

So what happens if we just copy the HTML source of this page and modify it slightly?

[Image: modified “Server not found” page]

Looks maybe legit? OK. So not perfect but it looks pretty good, right? (Also, on a weird note, this page was hosted on my server but could reference locally stored browser CSS pages, which is neat!)
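The note above, that a page served from a web server could still pull in the browser's locally stored CSS, gives a defender a cheap tell for this kind of look-alike page. The sketch below is an added example, not code from the original post; the scheme list, the function names and the sample HTML are assumptions. It flags http(s)-served HTML that references browser-internal chrome:// or resource:// URLs.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Browser-internal URL schemes (assumed list; extend for other browsers).
INTERNAL_SCHEMES = {"chrome", "resource"}
# Matches url(...) and @import "..." references inside CSS text.
CSS_URL = re.compile(r"""(?:url\(\s*['"]?|@import\s+['"])([^'")\s;]+)""", re.I)

class RefCollector(HTMLParser):
    """Collect URLs from href/src attributes, style attributes and <style> blocks."""
    def __init__(self):
        super().__init__()
        self.refs, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = (tag == "style")
        for name, value in attrs:
            if value and name in ("href", "src"):
                self.refs.append((tag, value.strip()))
            elif value and name == "style":
                self.refs += [(tag, u) for u in CSS_URL.findall(value)]

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.refs += [("style", u) for u in CSS_URL.findall(data)]

def scheme_of(url):
    try:
        return urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL: treat as having no scheme
        return ""

def internal_refs(page_url, html):
    """(tag, url) pairs with a browser-internal scheme on an http(s)-served page."""
    if scheme_of(page_url) not in ("http", "https"):
        return []
    collector = RefCollector()
    collector.feed(html)
    collector.close()
    return [(t, u) for t, u in collector.refs if scheme_of(u) in INTERNAL_SCHEMES]

# Constructed sample; the chrome:// and resource:// paths are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="chrome://placeholder/skin/error.css" />
<style>@import url("resource://placeholder/base.css"); p { background: url(/bg.png) }</style>
</head><body><a href="/retry">Try Again</a></body></html>"""
```

Calling `internal_refs("http://host.example/error.html", SAMPLE)` returns the `link` and `style` references and ignores the ordinary relative URLs, so the check can run over pages captured by a proxy or crawler.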

Of course technical people might not fall for this but I’d be pretty sure that most computer users wouldn’t think twice about this type of thing.

It brings up the question of just how many attacks could leverage this idea – are there any dialogues you trust? Muscle memory “oh that’s a dumb dialogue *click*” can really come back to haunt you in many situations!

I’ll probably revisit this idea later when I can think of more dialogues that can be attacked this way but until then it’s a very interesting idea to consider.

-mandat0ry

Matthew Bryant (mandatory)

Security researcher who needs to sleep more. Opinions expressed are solely my own and do not express the views or opinions of my employer.