RSS Alerts

Related Links

  • Webroot
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Webroot scores IT security success with Everton
    Webroot has been signed by Everton Football club to protect the club's IT systems against the vagaries of spam and malware infested email.
  • Webroot reports tax return malware-infecting email scam reaching the UK
    Webroot, the internet security software specialist, reports that an Internal Revenue Service (IRS) tax email scam - in which US internet users have been emailed a malware-infected warning about under-stating their income or underpaying of tax - has arrived in the UK.
  • Webroot secures College of Law as new customer
    Fresh from offering its channel partners free training in Software-as-a-Service (SaaS) technology, Webroot has secured the UK's College of Law as a high-profile new customer for its cloud-based security services.
  • Batten down the hatches
    Due to the horrifying quantity of vulnerabilities, and often limited time and budget, application and database security can be quite a headache. Limiting privileges and access, however, is a good place to start, finds Danny Bradbury
  • Koobface command-and-control servers double in 48 hours
    Kaspersky Lab has reported a massive surge in activity surrounding Koobface, a highly prolific worm that infects social networking sites.

News

Fake virus, worm and malware alerts target online shoppers

04 December 2009

With Thanksgiving out of the way in the US, and monthly salary earners having just been paid, online shopping has been soaring this week but, says Webroot, the IT security vendor, criminal malware authors are now targeting e-shopping in earnest with a variety of attacks.

One of the latest types of attack methodologies involves fake virus and worm alerts, which malware authors have been refining since they first appeared in a basic form earlier in the year, Webroot said.

According to Andrew Brandt, a security researcher with the IT security vendor, for some months, the malware authors behind this fraud have been honing their skills and working to push their malicious web pages higher in the search rankings.

"Victims experience a computer that appears to be out of control, seemingly unable to do anything but download whatever application the fake alert forces upon them", said Brandt in a security blog posting.

The good news, he said, is that it is not hard to avoid these fake alert sites, but users have to be on constant alert and carefully scrutinise the results of any security scan warnings that appear on their computer screens before they click on a link.

Because of these issues, Brandt advises users to "sweep before you shop" and always scan your computer with a fully updated anti-virus and anti-spyware application before you even get to the order form on your favourite shopping site.

Internet users are also advised to look carefully at search engine results before they click.

"When in doubt, kill your browser: If you do happen to find yourself sucked into a fakealert vortex, don't click anywhere in the browser window. If you know how to use the task manager to terminate the browser application, you can do it that way", he said.

"Most users will find it easier to simply use the Alt-F4 keyboard combination. Remember, you can always go back to the page you want by restarting the browser and looking at your link history", he added.

Brandt also cautioned that malware authors and hackers are using a number of tricks to fool Google and other search engines into indexing their malicious links so they have a high relevance score, and therefore appear higher in the results than a legitimate site would.

"One of the tricks they use is to have a large number of the same key phrase interspersed in the middle of text culled from another source."

Internet users are also advised to download and use the Noscript addin to Mozilla Firefox, which stops any scripts from triggering a fake alert on a users' PC screen.

 

This article is featured in:
Internet and Network Security Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water