Imagine that a user goes looking around for a new browser. They’ve downloaded Firefox and Chrome but they’re just not satisfied. So they come across a website advertising a “cool new browser” and download it. The website says “Because the browser is new and makes lots of connections to the internet, your antivirus may pick it up. Don’t worry, this is simply a false positive, we’re fully accredited and you can see that we’ve signed the installer.”

The user runs the .exe, and a little “This software is signed but we don’t recognize the cert” prompt comes up and asks for admin. Makes sense; most programs ask for admin when installing.

They install it. A browser installs (let’s say a reskinned Firefox), but so does a malicious payload that embeds itself into the system.

No exploits were used, purely social engineering.

Most people would blame the user here. They should have known…

