RSS Alerts

Related Stories

  • Search for security
    With more than 30 000 web pages being infected every day, search engine results could increasingly lead to malware infection. Kari Larsen asks what the search engines are doing to mitigate security threats, and how users can protect themselves.
  • As interest in BRITS music awards rises, hackers move in
    Whilst many music fans will be aware of the success of UK artists at last night's BRIT music awards, many more users are surfing the internet to find out extra information. But it appears that hackers are exploiting this interest and infecting users' PCs with malware.
  • Safer Internet Day – watch out for fake updates says Webroot
    Today, as you may have noticed, is Safer Internet Day, when vendors in the IT security world will almost certainly be appearing on the radio and TV explaining how to surf the net more securely. But, says Webroot, one of those vendors, users should watch – especially today – for fake updates to their security software.
  • Fake virus, worm and malware alerts target online shoppers
    With Thanksgiving out of the way in the US, and monthly salary earners having just been paid, online shopping has been soaring this week but, says Webroot, the IT security vendor, criminal malware authors are now targeting e-shopping in earnest with a variety of attacks.
  • SunbeltLabs detects surge in trojans during February
    Sunbelt Software's list of top malware infections seen during February claims to show that there was a sizeable surge in trojans during the month.

News

Rogue anti-virus scamware hitting hard, says Webroot

01 October 2009

Research by Webroot suggests that the rash of anti-virus scamware - which reports that the users' PC is infected, when it is not, and then requests a payment for registration - is sucking in a lot of internet users.

The research concluded that IT-savvy internet users are actually more susceptible than internet newbies to the fake alerts and scam reports that these types of rogue anti-virus applications create.

The Webroot report - which took in responses from almost 1200 users of all ages and IT skill levels - found that advanced users clicked on suspicious messages at a greater rate than less experienced users.

In addition, the study noted that 20% of respondents strongly trust the first page of search results, which Webroot said is "a common target for fraudulent links".

Unsurprisingly, researchers found that almost 20% of respondents reported "varying levels of financial or data loss following infection", and that over 50% experienced infections consistent with those of fake alert-related malware such as fake anti-virus.

Commenting on the research findings, Mike Kronenberg, Webroot's chief technology officer with the firm's consumer business unit, said that cybercriminals are preying on internet users' curiosity.

"Links to seemingly real search results and videos - and now even ads on reputable news sites - trigger fake warnings claiming you're infected or need `Home Antivirus 2010' or another bogus product."

"And business must be booming for these thieves, judging from the rapid rate at which Webroot is seeing new programmes and variants created in an attempt to bypass security technology."

"But with the right education, vigilance and technology, consumers can take steps to protect themselves."

The IT security vendor said that the appearance of fake anti-virus alerts changes frequently.

Ranging from phony Windows Security Centre warnings to notifications for security and anti-virus scans and viewer or codec downloads, Webroot said that each scam is designed to appear legitimate and urgent.

And, according to the Webroot Threat Research team, internet users can encounter fake anti-virus alerts through three main directions:

  • Fraudulent links - appearing at or near the top of search results. For example, earlier this week Webroot found that a search for news stories about the arrest of film director Roman Polanski yielded links that redirected to a fake security scan and to Windows PC Defender, a known rogue security product.
  • Phony file links - Webroot recently reported on its threat blog that the Koobface worm is now sending phony video links, seemingly from a friend, to members of social networking sites. The links trigger viewer download messages that activate infection when clicked.
  • Ads on legitimate websites - Webroot researchers recently investigated the origins of a bogus ad on NYTimes.com, which contained code leading to a fake alert and rogue product.

Delving into the research reveals that over 50% of advanced users encountered a fake Windows Security Centre alert, versus 33% of novice users.

On top of this, 26% of advanced users encountered a fake security / anti-virus scan, compared to approximately 10% of less experienced users

And 23% of advanced users clicked on a fake alert and in some cases purchased rogue security products such as fake anti-virus; conversely, 10% of novice users did the same.

As a result of its research, Webroot recommends that internet users stay vigilant and not click pop-up security and anti-virus alerts from unfamiliar companies, or poorly worded messages from known providers.

Users should also only buy security and anti-virus products from reputable companies and should check for links to familiar sites among search engine results.

On social networks, especially, the company said that internet users should not follow suspicious video links from `friends,'  as well as emails, friend requests, site links and other items from unknown sources.

 

This article is featured in:
Internet and Network Security Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water