- 10 IT security companies to watch
- Mobile phone chargers are energy vampires
- Smartphone smackdown: Storm vs. iPhone
- Video game collisions I'd like to see
- Court slams door on sale of spyware
Web surfers have a standard reaction to error messages that pop up in their Web browsers, according to new research published this week: They click "OK" and hope it will disappear.
Psychologists at North Carolina State University found that computer users have a hard time distinguishing between fake Windows warning messages and the real thing. In an experiment that tested the responses of 42 Web-browsing university students, they found that almost two-thirds of them -- 63% -- would click "OK" whenever they saw a popup warning, whether it was fake or not.
"Many people fall for this style of attack by not recognizing the visual elements that separate real and fake warning windows," the researchers concluded in a paper delivered at an academic conference in New York this week.
That's bad news, security experts say, because fake pop-up messages can take you to some very bad places on the Internet.
In the experiment, users tended to see the popup windows as an irritant that they needed to get rid of as quickly as possible, said Mike Wogalter, a psychology professor at North Carolina State who co-authored the study. "They really didn't think about it at all," he said.
Clicking on a fake pop-up window can take you to a Web site you may not have intended to visit, but there can be nastier results as well. In one well-known scam, victims are sent an e-mail with a link to a Web page that promises an interesting video clip. When they try to watch it, however, a pop-up message tells them they need to install special codec software to view the video.
In fact, the software is a Trojan downloader that then laces the victim's computer with malicious software such as keyloggers that track usernames and passwords.
To make matters worse, fake pop-ups are increasingly found on legitimate Web sites, often delivered via online advertising networks, said Eric Howes, director of malware research with security vendor Sunbelt Software. "It's becoming a real problem because a few years ago, you would only see these fake pop-ups on some of the seedier places on the Internet."
Harvard Assistant Professor Ben Edelman agrees that deceptive pop-ups are a big problem. "These are widespread, particularly when you stop one notch below the very fanciest news sites," he said. "If you go to MySpace or if you just run Google searches and click on results, you're likely to stumble on such ads."
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment