Often, the weakest link in a computer security system is the user. Whereas anti-malware systems and operating system level security are constantly being improved to detect and block new computer security threats, even computers running the best security platforms can still be compromised by user mistakes. With this in mind, malware authors frequently target the user, and attempt to trick the user into actively installing malware or otherwise unwittingly taking a proactive step that would compromise the security of the computer. Such attacks targeting the user as opposed to the computer system itself are known as “social engineering attacks.”
One common social engineering attacks today is the fake anti-virus scan. In this attack, an alert box or similar user interface component pops up on the user's screen, indicates that the computer is susceptible to infection by computer viruses and/or other types of malware, and offers to scan the computer for malware. Unless the user closes the user interface component, it typically pretends to scan the computer, and then claims to have identified various malware infections. The user is then invited to download free anti-malware software that is supposed to be able to fix the detected infestations. If the user selects to download the “anti-malware” software, the social engineering attack instead takes advantage of the user having initiated a download of an unknown program to infect the user's computer by installing malware. There are many variations on this attack, some involving offers of fake data anti-corruption tools, fake codecs for playing videos, etc.
Although security software is always being updated to detect and block new social networking attacks, no matter how good security software becomes, the user always remains a potential weak spot in the overall security of the computer system. Not only naive users but even advanced users can be susceptible, primarily due to the ever evolving sophistication of new social networking attacks. It would be desirable to address these issues.