Dubious downloads: How to check if a website and its files are malicious - 8 minutes read
Dubious downloads: How to check if a website and its files are malicious
Users often search the web for downloads when companies no longer support software, and what they find is dubious. How can they tell if the files are safe? We tell how to spot the difference.
A significant amount of malware infections and potentially unwanted program (PUP) irritants are the result of downloads from unreliable sources. There are a multitude of websites that specialize in distributing malicious payloads by offering them up as something legitimate or by bundling the desired installer with additional programs.
In November 2019, we learned that Intel removed old drivers, BIOS updates, and other legacy software from their site. While this software relates to products released in the last century and early years of the 2000s, many users still rely on old Intel products and have been left scrambling for specific downloads.
Users that follow older links to certain drivers and updates will find this instead:
Following the links to search the site or the download center only leads users around in circles—those downloads are gone. While some might argue that it is Intel’s right to remove drivers and updates after a decade, others understand that whenever legacy software is abandoned, a security nightmare ensues.
When users can no longer download files from official sources, desperate people will roam the Internet for a place where they can find the file they need. And what they usually find instead are malicious websites and downloads.
Habitually, threat actors find out which search terms are gaining in popularity as users seek out terminated software downloads and try to lure searchers to their site. They will use SEO techniques to rank high in the search results or may even spend some dollars to show up in the sponsored results for certain keywords. They can hide their malware in malvertisingin the form of downloads or even drive-by-downloads, in which users needn’t install a single file, only visit the site, to be infected.
After all, a victim that is desperately looking for a file he needs to get a system up and running again is really all a malware peddler could wish for. All they have to do is make the user of the site believe they have found the file they are looking for. Once they are convinced, they will download and install the alleged driver all by themselves.
All the threat actor has to do is upload the malware under some convincing filename and attract visitors to the site. This is basically the same modus operandi that you will find in use when people go looking for cracks and keygens.
So, what can users do to avoid falling victim to such a scam? A couple of things, as it happens. We will provide you with some checks you can do before you visit the download site. And there are some checks you can perform before you run the downloaded file, too.
When you have found a site that offers a file for download, there are a few actions you can take to check whether the site is trustworthy. They are:
Checking for the presence of the green padlock is a good start to ensure a site has purchased a security certificate, but it’s also not a guarantee that the website is safe. SSL certificates are cheap, and your neighborhood cybercriminal knows where to get them practically for free. If you click on the green padlock, you can find out who issued the certificate and for which site.
There are many websites that offer reviews of download sites and domains, and while many of these sites are reputable, they tend to fall a little bit behind in adding Internet newcomers. Our cybercriminal can afford to dump a domain like a hot potato once it has racked up too many bad reviews, then purchase a new site from which to run his scheme.
In short, you can trust reviews about sites that have been around for a while, but the lack of reviews for a site could mean they only started or they may be up to no good.
Some cybercriminals are brilliant programmers. Most are not. But all the successful ones have one skill in common: They are well-versed in tricking people. So, don’t accept a website as trustworthy just because it features logos of other trustworthy companies on its pages. Logo images are easily found in online searches, and they could be planted on the site for exactly that reason: to gain the visitors’ trust. Logos could also be stolen, unauthorized, or handed out for different reasons than you might expect.
Some browsers and some free applications warn you about shady sites—especially sites they know to be the home of malware and scammers. Malwarebytes Browser Guard, for example, can be installed on Chrome and Firefox, adding to the browsers’ own capabilities to recognize malicious domains and sites.
There are some methods you can use to weed out the bad boys in your download folder:
A checksum is a sequence of numbers and letters used to check data for errors. If you know the checksum of the original file, you can compare it to the one you have downloaded. Windows, macOS, and Linux have built-in options to calculate the checksum of a file.
The digital signature of a Windows executable file (a file with an .exe extension) can be verified after the file has been downloaded and saved. In your Downloads folder, right-click the downloaded .exe file and click Properties. Here you can click on the Digital Signatures tab to check whether the downloaded file is signed by the expected party.
Finally, use your anti-malware scanner to double-check that you are not downloading an infected file. You can also use online scanners like VirusTotal, which will also provide you with a SHA-256 hash for the file and save you the trouble of calculating a checksum.
All this may seem like a lot of work to those who habitually download files without a worry in the world. However, even the most practiced downloader eventually has their moment of truth—when that downloaded file wrecks their computer or all those bundled applications are harder to remove than expected.
People who download all the time have better instincts about which sites to trust or not, but that doesn’t mean they can’t be fooled. From experience, they know the sites that offer malware under a different filename from the sites that offer clean files. But sometimes, we reach for the shiny golden delicious and, once we take a bite, discover it has a worm.
We don’t all have the stomach or the knowledge to clean an infected computer. And some systems are not ours to put at risk.
Even if you follow all these pointers to the letter, it is still riskier to download files from unknown sites than it is to download from the company that made them. So we would like to urge companies to keep their “old files” available on their own site, even if the number of downloads has dwindled.
Source: Malwarebytes.com
Powered by NewsAPI.org
Keywords:
Website • Computer file • Malware • User (computing) • Web search engine • Download • Software • Computer file • Spot the Difference • Malware • Potentially unwanted program • Potentially unwanted program • Digital distribution • Malware • Payload (computing) • Installation (computer programs) • Computer program • Intel • Device driver • BIOS • Patch (computing) • Legacy system • Intel • Download • Download • User (computing) • Device driver • Patch (computing) • Legacy system • Computer security • User (computing) • Download • Computer file • Outlook.com • Internet • Computer file • Malware • Website • Download • User (computing) • Software • Download • The Searchers • Search engine optimization • Web search engine • Search engine optimization • Malware • Drive-by download • User (computing) • Malware • Computer file • Threat actor • Malware • Filename • Modus operandi • Keygen • Fraud • Padlock • Security certificate • Public key certificate • Cybercrime • Padlock • Website • Domain name • Internet • Cybercrime • Domain name • Hot-potato and cold-potato routing • Logo • Logo • Image • Online and offline • Logo • Copyright infringement • Web browser • Free software • Application software • Malware • Confidence trick • Malwarebytes • Web browser • Google Chrome • Firefox • Web browser • Malware • Domain name • Bad Boys (Alexandra Burke song) • Download • Directory (computing) • Checksum • Numerical digit • Data • Software bug • Checksum • Computer file • Download • Microsoft Windows • MacOS • Linux • Command-line interface • Checksum • Digital signature • Microsoft Windows • Executable • Filename extension • Download • Saved game • Download • Directory (computing) • Context menu • Download • .exe • Digital signature • Tab (GUI) • Antivirus software • Antivirus software • Computer file • Image scanner • VirusTotal • SHA-2 • Hash function • Computer file • Checksum • Computer file • The Moment of Truth (U.S. game show) • Computer • Application software • Digital distribution • Malware • Golden Delicious • Worm • Number •
Users often search the web for downloads when companies no longer support software, and what they find is dubious. How can they tell if the files are safe? We tell how to spot the difference.
A significant amount of malware infections and potentially unwanted program (PUP) irritants are the result of downloads from unreliable sources. There are a multitude of websites that specialize in distributing malicious payloads by offering them up as something legitimate or by bundling the desired installer with additional programs.
In November 2019, we learned that Intel removed old drivers, BIOS updates, and other legacy software from their site. While this software relates to products released in the last century and early years of the 2000s, many users still rely on old Intel products and have been left scrambling for specific downloads.
Users that follow older links to certain drivers and updates will find this instead:
Following the links to search the site or the download center only leads users around in circles—those downloads are gone. While some might argue that it is Intel’s right to remove drivers and updates after a decade, others understand that whenever legacy software is abandoned, a security nightmare ensues.
When users can no longer download files from official sources, desperate people will roam the Internet for a place where they can find the file they need. And what they usually find instead are malicious websites and downloads.
Habitually, threat actors find out which search terms are gaining in popularity as users seek out terminated software downloads and try to lure searchers to their site. They will use SEO techniques to rank high in the search results or may even spend some dollars to show up in the sponsored results for certain keywords. They can hide their malware in malvertisingin the form of downloads or even drive-by-downloads, in which users needn’t install a single file, only visit the site, to be infected.
After all, a victim that is desperately looking for a file he needs to get a system up and running again is really all a malware peddler could wish for. All they have to do is make the user of the site believe they have found the file they are looking for. Once they are convinced, they will download and install the alleged driver all by themselves.
All the threat actor has to do is upload the malware under some convincing filename and attract visitors to the site. This is basically the same modus operandi that you will find in use when people go looking for cracks and keygens.
So, what can users do to avoid falling victim to such a scam? A couple of things, as it happens. We will provide you with some checks you can do before you visit the download site. And there are some checks you can perform before you run the downloaded file, too.
When you have found a site that offers a file for download, there are a few actions you can take to check whether the site is trustworthy. They are:
Checking for the presence of the green padlock is a good start to ensure a site has purchased a security certificate, but it’s also not a guarantee that the website is safe. SSL certificates are cheap, and your neighborhood cybercriminal knows where to get them practically for free. If you click on the green padlock, you can find out who issued the certificate and for which site.
There are many websites that offer reviews of download sites and domains, and while many of these sites are reputable, they tend to fall a little bit behind in adding Internet newcomers. Our cybercriminal can afford to dump a domain like a hot potato once it has racked up too many bad reviews, then purchase a new site from which to run his scheme.
In short, you can trust reviews about sites that have been around for a while, but the lack of reviews for a site could mean they only started or they may be up to no good.
Some cybercriminals are brilliant programmers. Most are not. But all the successful ones have one skill in common: They are well-versed in tricking people. So, don’t accept a website as trustworthy just because it features logos of other trustworthy companies on its pages. Logo images are easily found in online searches, and they could be planted on the site for exactly that reason: to gain the visitors’ trust. Logos could also be stolen, unauthorized, or handed out for different reasons than you might expect.
Some browsers and some free applications warn you about shady sites—especially sites they know to be the home of malware and scammers. Malwarebytes Browser Guard, for example, can be installed on Chrome and Firefox, adding to the browsers’ own capabilities to recognize malicious domains and sites.
There are some methods you can use to weed out the bad boys in your download folder:
A checksum is a sequence of numbers and letters used to check data for errors. If you know the checksum of the original file, you can compare it to the one you have downloaded. Windows, macOS, and Linux have built-in options to calculate the checksum of a file.
The digital signature of a Windows executable file (a file with an .exe extension) can be verified after the file has been downloaded and saved. In your Downloads folder, right-click the downloaded .exe file and click Properties. Here you can click on the Digital Signatures tab to check whether the downloaded file is signed by the expected party.
Finally, use your anti-malware scanner to double-check that you are not downloading an infected file. You can also use online scanners like VirusTotal, which will also provide you with a SHA-256 hash for the file and save you the trouble of calculating a checksum.
All this may seem like a lot of work to those who habitually download files without a worry in the world. However, even the most practiced downloader eventually has their moment of truth—when that downloaded file wrecks their computer or all those bundled applications are harder to remove than expected.
People who download all the time have better instincts about which sites to trust or not, but that doesn’t mean they can’t be fooled. From experience, they know the sites that offer malware under a different filename from the sites that offer clean files. But sometimes, we reach for the shiny golden delicious and, once we take a bite, discover it has a worm.
We don’t all have the stomach or the knowledge to clean an infected computer. And some systems are not ours to put at risk.
Even if you follow all these pointers to the letter, it is still riskier to download files from unknown sites than it is to download from the company that made them. So we would like to urge companies to keep their “old files” available on their own site, even if the number of downloads has dwindled.
Source: Malwarebytes.com
Powered by NewsAPI.org
Keywords:
Website • Computer file • Malware • User (computing) • Web search engine • Download • Software • Computer file • Spot the Difference • Malware • Potentially unwanted program • Potentially unwanted program • Digital distribution • Malware • Payload (computing) • Installation (computer programs) • Computer program • Intel • Device driver • BIOS • Patch (computing) • Legacy system • Intel • Download • Download • User (computing) • Device driver • Patch (computing) • Legacy system • Computer security • User (computing) • Download • Computer file • Outlook.com • Internet • Computer file • Malware • Website • Download • User (computing) • Software • Download • The Searchers • Search engine optimization • Web search engine • Search engine optimization • Malware • Drive-by download • User (computing) • Malware • Computer file • Threat actor • Malware • Filename • Modus operandi • Keygen • Fraud • Padlock • Security certificate • Public key certificate • Cybercrime • Padlock • Website • Domain name • Internet • Cybercrime • Domain name • Hot-potato and cold-potato routing • Logo • Logo • Image • Online and offline • Logo • Copyright infringement • Web browser • Free software • Application software • Malware • Confidence trick • Malwarebytes • Web browser • Google Chrome • Firefox • Web browser • Malware • Domain name • Bad Boys (Alexandra Burke song) • Download • Directory (computing) • Checksum • Numerical digit • Data • Software bug • Checksum • Computer file • Download • Microsoft Windows • MacOS • Linux • Command-line interface • Checksum • Digital signature • Microsoft Windows • Executable • Filename extension • Download • Saved game • Download • Directory (computing) • Context menu • Download • .exe • Digital signature • Tab (GUI) • Antivirus software • Antivirus software • Computer file • Image scanner • VirusTotal • SHA-2 • Hash function • Computer file • Checksum • Computer file • The Moment of Truth (U.S. game show) • Computer • Application software • Digital distribution • Malware • Golden Delicious • Worm • Number •