RSS Alerts

Share

More services

Related Stories

  • Comment: Cyber-gang Crackdown Cripples Malware Traffic…for Now
    This past summer’s FBI-coordinated crackdown on computer scareware companies virtually shut the fake security software business down, but without the implementation of tough, diverse preventative solutions, Enigma Software's Alvin Estevez says it might remain akin to nothing more than cutting off the head of a hydra
  • The art of social engineering
    Social engineering is not new and it’s here to stay. Kevin Townsend looks at how social networking is a social engineer’s best friend and asks what we can do to protect ourselves from this very real – and very personal – threat
  • Searching for Security
    With more than 30 000 web pages being compromised every day, search engine results could increasingly lead to malware infection. Kari Larsen asks what the search engines are doing to mitigate security threats, and how users can protect themselves
  • Search for security
    With more than 30 000 web pages being infected every day, search engine results could increasingly lead to malware infection. Kari Larsen asks what the search engines are doing to mitigate security threats, and how users can protect themselves.
  • Cybercriminals steal – from each other
    The latest monthly malware and threats report from GFI Labs - the research operation of GFI Software - claims that cybercriminals are now stealing end user credentials from each other, as well as using complex new methodologies when seeking to infect end users' PCs.

Top 5 Stories

News

Rogue anti-virus scamware hitting hard, says Webroot

01 October 2009

Research by Webroot suggests that the rash of anti-virus scamware - which reports that the users' PC is infected, when it is not, and then requests a payment for registration - is sucking in a lot of internet users.

The research concluded that IT-savvy internet users are actually more susceptible than internet newbies to the fake alerts and scam reports that these types of rogue anti-virus applications create.

The Webroot report - which took in responses from almost 1200 users of all ages and IT skill levels - found that advanced users clicked on suspicious messages at a greater rate than less experienced users.

In addition, the study noted that 20% of respondents strongly trust the first page of search results, which Webroot said is "a common target for fraudulent links".

Unsurprisingly, researchers found that almost 20% of respondents reported "varying levels of financial or data loss following infection", and that over 50% experienced infections consistent with those of fake alert-related malware such as fake anti-virus.

Commenting on the research findings, Mike Kronenberg, Webroot's chief technology officer with the firm's consumer business unit, said that cybercriminals are preying on internet users' curiosity.

"Links to seemingly real search results and videos - and now even ads on reputable news sites - trigger fake warnings claiming you're infected or need `Home Antivirus 2010' or another bogus product."

"And business must be booming for these thieves, judging from the rapid rate at which Webroot is seeing new programmes and variants created in an attempt to bypass security technology."

"But with the right education, vigilance and technology, consumers can take steps to protect themselves."

The IT security vendor said that the appearance of fake anti-virus alerts changes frequently.

Ranging from phony Windows Security Centre warnings to notifications for security and anti-virus scans and viewer or codec downloads, Webroot said that each scam is designed to appear legitimate and urgent.

And, according to the Webroot Threat Research team, internet users can encounter fake anti-virus alerts through three main directions:

  • Fraudulent links - appearing at or near the top of search results. For example, earlier this week Webroot found that a search for news stories about the arrest of film director Roman Polanski yielded links that redirected to a fake security scan and to Windows PC Defender, a known rogue security product.
  • Phony file links - Webroot recently reported on its threat blog that the Koobface worm is now sending phony video links, seemingly from a friend, to members of social networking sites. The links trigger viewer download messages that activate infection when clicked.
  • Ads on legitimate websites - Webroot researchers recently investigated the origins of a bogus ad on NYTimes.com, which contained code leading to a fake alert and rogue product.

Delving into the research reveals that over 50% of advanced users encountered a fake Windows Security Centre alert, versus 33% of novice users.

On top of this, 26% of advanced users encountered a fake security / anti-virus scan, compared to approximately 10% of less experienced users

And 23% of advanced users clicked on a fake alert and in some cases purchased rogue security products such as fake anti-virus; conversely, 10% of novice users did the same.

As a result of its research, Webroot recommends that internet users stay vigilant and not click pop-up security and anti-virus alerts from unfamiliar companies, or poorly worded messages from known providers.

Users should also only buy security and anti-virus products from reputable companies and should check for links to familiar sites among search engine results.

On social networks, especially, the company said that internet users should not follow suspicious video links from `friends,'  as well as emails, friend requests, site links and other items from unknown sources.

This article is featured in:
Internet and Network Security • Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012