New drive-by attack targets Google Chrome users

Drive-by browser attacks are pretty common. Many of you have probably seen the suspicious-looking 'you've got errors on your PC!' or 'holy hell, you're full of viruses!' pop-up alerts malware peddlers hope you'll click on.

But here's a new one: someone is now trying to fool Google Chrome users into installing an 'extension' -- which is, of course, actually malware. I've got to admit, I'm a little curious how this particular snare could ever work.

It starts with a spam message which is sent to 'inform' users about a new extension for their favorite browser. Once they follow the link to the malicious domain, a download window appears which offers to save a .exe file. Which, you know, isn't a Chrome extension. Those are .crx files, but the bad guys are clearly playing on end user ignorance as they usually do.

Then the victim has to actually install the downloaded executable.
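The .exe-versus-.crx mismatch described above can be checked from the file's content rather than its name. The following is an added example, not code from the original post or from Chrome: a real .crx starts with the magic bytes `Cr24` followed by a ZIP payload, while a Windows executable starts with `MZ`. It covers both CRX header versions 2 and 3; the function names and sample bytes are constructed for illustration.

```python
import struct

CRX_MAGIC = b"Cr24"         # first four bytes of every .crx package
ZIP_MAGIC = b"PK\x03\x04"   # the extension payload itself is a ZIP archive

def is_pe(data: bytes) -> bool:
    # Windows executable: 'MZ' DOS header whose field at 0x3C points to 'PE\0\0'.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"

def crx_payload_is_zip(data: bytes) -> bool:
    # CRX2: magic, version, key length, signature length, key, signature, ZIP.
    # CRX3: magic, version, header length, header, ZIP.
    if len(data) < 16:
        return False
    version, first_len, second_len = struct.unpack_from("<III", data, 4)
    if version == 2:
        zip_off = 16 + first_len + second_len
    elif version == 3:
        zip_off = 12 + first_len
    else:
        return False
    return data[zip_off:zip_off + 4] == ZIP_MAGIC

def classify_download(data: bytes) -> str:
    """Classify by content, ignoring whatever the file name or e-mail claims."""
    if data[:4] == CRX_MAGIC:
        return "crx" if crx_payload_is_zip(data) else "malformed-crx"
    return "pe-executable" if is_pe(data) else "unknown"

# Constructed sample inputs (not real files): minimal headers only.
SAMPLE_CRX2 = CRX_MAGIC + struct.pack("<III", 2, 4, 4) + b"KKKKSSSS" + ZIP_MAGIC
SAMPLE_CRX3 = CRX_MAGIC + struct.pack("<II", 3, 5) + b"HHHHH" + ZIP_MAGIC
SAMPLE_EXE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"

if __name__ == "__main__":
    for name, blob in [("ext_v2.crx", SAMPLE_CRX2), ("ext_v3.crx", SAMPLE_CRX3),
                       ("chrome_extension.exe", SAMPLE_EXE)]:
        print(f"{name}: {classify_download(blob)}")
```

A mail gateway or download proxy can apply the same content check to anything advertised as a browser extension and quarantine files that classify as `pe-executable`.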

This seems like such an unlikely sequence of events to me. For starters, if you're a Chrome user and you actually know what an extension is, you probably also know what a b.s. email message looks like. You probably also know how Chrome behaves when you install a .crx. And you most certainly know that .exes which seemingly come from out of nowhere aren't to be trusted.

Sadly, I also know that plenty of my customers -- who have proven time and again that they don't know when to restrain their left-mouse-button clicking urges -- now run Google Chrome. They have no idea how it got on their system or what a web browser is, and they would almost certainly fall for a trick like this if it offered 'better something.'

Oh well...I guess that just means added job security for us technicians, right?

[via Malware City - it's a security blog, not a place to get infected...]
