Posted by: Robert Westervelt
Rogue Antivirus, scareware
New intelligence report warns of the phony antivirus and urges people to be cautious of pop-ups.
The FBI has issued an Intelligence Note, warning of a surge in rogue antivirus tricking people into buying the phony software. The FBI note estimates the rogue antivirus loss to victims to be in excess of $150 million.
The note warns of Web advertisements that serve up the phony software once a person clicks on the advertisement.
The scareware is intimidating to most users and extremely aggressive in its attempt to lure the user into purchasing the rogue software that will allegedly remove the viruses from their computer. It is possible that these threats are received as a result of clicking on advertisements contained on a website. Cyber criminals use botnets to push the software and use advertisements on websites to deliver it. This is known as malicious advertising or malvertising.
We’ve written a number of different blog posts warning about specific rogue antivirus campaigns. Many of the attacks take place on Web pages that rank highly in poisoned search engine results. Some security researchers have discovered rogue antivirus being served up on smaller, legitimate websites, which have been hacked and injected with code to pull off the attack.
In October, Symantec issued a report on the business of “scareware.” In it, Symantec said it received reports of 43 million attempted installations from the more than 250 distinct examples of rogue AV software it identified. The data covered a full year, from July 2008 to June 2009.
The scareware phenomenon is moving into social networks as well. Facebook was targeted by the antivirus scammers. Antivirus vendor AVG Technologies discovered that faulty coding in some Facebook applications led users to Russian attack sites pushing out phony antivirus and ultimately malware on victims’ machines. Meanwhile, Panda Security researchers discovered a form of rogue antivirus that incorporated ransomware into the mix. The software urged users to buy a security key for $80 to unlock frozen files on their PC.
The FBI is urging consumers who come across these kinds of attacks to file a complaint with its Internet Crime Complaint Center. For enterprises, IT admins and security pros should educate end users about these kinds of attacks. Rogue antivirus can be very tricky, especially for Internet Explorer users, because the coding does a very good job of making the software appear to be almost part of Windows. It’s very convincing.