Unfortunately the tactics these criminals use are highly effective against the average user who doesn’t know any better; this is why the scams are so prevalent – they make a tremendous amount of money for the criminals. For this reason, they are not going to go away any time soon and you need to know everything you can about how to keep this threat off of your network and away from your users.
Sophos has released a white paper entitled “Stopping Fake Antivirus: How to Keep Scareware off Your Network.” It contains a wealth of information and tips on how to combat this threat. I highly recommend you download and read it.
So, you’re a Mac user and you get hit by the Mac Defender fake virus warning. You call Apple’s tech support line, right? Well, you’ll get no help from them. According to a leaked Apple memo, here are the instructions to support personnel:
You cannot show the customer how to force quit Safari on a Mac Defender call.
You cannot show the customer how to remove from the Login items.
You cannot show the customer how to stop the process of Mac Defender in their Activity Monitor.
You cannot refer the customer to ANY forums or discussions [sic] boards for resolution (this includes the Apple.com forums)
In other words, you cannot do anything to help the customer. What the hell are they thinking? This is the wrong response. For Heaven’s sake, at least send them in the right direction. Microsoft does.
Record numbers of OS X users are falling victim to this scam because Apple has created a false sense of security through their marketing and advertising suggesting Apple users are immune to security threats. The users believe this fake notice is real because of this false data, so they take action thinking that Apple really must be protecting them.
Perhaps this means that Mac has finally entered the mainstream. They are now a viable target for hackers, scammers and other cyber-criminals. And why not? One could argue that Mac owners have more money than PC owners as a rule. Why not go for those bigger bank accounts?
The bottom line is that Apple’s refusal to help its customers is going to give the company a major black eye. I wouldn’t be surprised to find people jumping off the Apple bandwagon, selling their Macs and getting PCs.
Stranger things have happened.
A nasty piece of malware known as LizaMoon has hijacked links on millions of websites in the past weeks, including some normally safe iTunes and Google links.
Fortunately, LizaMoon is easy to avoid if you know what to look for.
Using rogue-AV scare tactics, LizaMoon tries to trick you into running bogus security-scan and virus-cleanup tools on your PC — but it’s pure malware.
If allowed onto your PC, this particular ploy is especially troublesome because it can partially disable the Windows Security Center and change the Registry so that the full WSC can’t be restarted. It also interferes with Microsoft Security Essentials, if MSE is running. (You’ll find lots more LizaMoon news coverage via Google.)
Supposedly, infection peaked in October of 2010 at around 5600 affected sites, but it’s making a comeback, according to Langa. These things never really go away completely and often resurface. Be especially aware when searching sites on Google.
Hi Ken, Please offer your opinion on this. I had a phone call today from a person representing Secure All PC.com. He told me that they received information directly from World Web Renting?? and that my Windows operating system was a genuine Windows and that they received my address, phone number etc. He wanted me to check my computer and see if I had virus/bugs etc that they knew about and if I did they would fix. He wanted me to press the Windows button and R at the same time and then type in eventvwr. I was not comfortable doing this.
Needless to say, I gave the advice I would give to anyone in this situation: Run fast and far in the opposite direction. I then did two things: 1. Checked the whois on SecureAllPC.com; and, 2. Checked out their website.
Strike one: Registrant Contact: PrivacyProtect PrivacyProtect () Fax: All Postal Mails Rejected Navi Mumbai, MAHARASTRA 400614 IN. That’s India, not Indiana, in case you’re wondering. No individual’s name in the registration and you can’t even contact them.
Strike two: Amateurish website layout and graphics with numerous spelling and grammar errors.
Strike three: Unsolicited call to potential customer.
Umpire says, “Scam! You’re out!”
I’m willing to bet that whatever they do is useless, possibly malicious as in installing keyloggers or other such things, and they probably specialize in selling your credit card and other personal information to other cyber-criminals.
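The WHOIS half of the "strike one" check above, as an added example that is not part of the original post: it parses a registrant block, reports why it hides who runs the domain, and then counts the post's three strikes. The sample record, the keyword list and the function names are constructed for illustration; the site-quality and unsolicited-call answers come from whoever is doing the check.

```python
import re

# Constructed sample shaped like the registrant block quoted in the post
# (placeholder domain; not the output of a real lookup).
PROXY_RECORD = """\
Domain Name: SUPPORT-CALLER.EXAMPLE
Registrant Contact:
    PrivacyProtect
    PrivacyProtect ()
    Fax:
    All Postal Mails Rejected
    Navi Mumbai, MAHARASTRA 400614
    IN
"""

# Assumed keyword list for proxy registrations; extend it for your registrars.
PROXY_WORDS = re.compile(r"privacy|proxy|redacted|whoisguard", re.I)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")

def parse_whois(text):
    """Group a WHOIS record into {field: [values]}, keeping indented blocks."""
    fields, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and current:      # indented line continues a block
            fields[current].append(raw.strip())
        elif ":" in raw:
            key, _, value = raw.partition(":")
            current = key.strip().lower()
            fields.setdefault(current, []).extend(filter(None, [value.strip()]))
    return fields

def whois_findings(text):
    """List the ways the registrant block hides who runs the domain."""
    joined = " ".join(parse_whois(text).get("registrant contact", []))
    checks = [
        (not joined or PROXY_WORDS.search(joined), "registrant behind a privacy/proxy service"),
        (not EMAIL.search(joined), "no registrant e-mail address"),
        (re.search(r"mails? rejected", joined, re.I), "postal mail rejected"),
    ]
    return [label for hit, label in checks if hit]

def strikes(whois_text, site_looks_amateurish, call_was_unsolicited):
    """Count the post's three strikes; the WHOIS result is one signal, not a verdict."""
    return sum(map(bool, [whois_findings(whois_text),
                          site_looks_amateurish, call_was_unsolicited]))
```

Privacy-protected registration is also common among legitimate sites, which is why the count only means something when the other two observations point the same way.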
One striking discovery is that in 2010 alone, cyber-criminals created and distributed one-third of all existing viruses, creating 34 percent of all malware that has ever existed and been classified by the company. The report also highlights malware standbys that aren’t going anywhere, new and emerging malware trends, the impact cyber-criminal activity had on social media networks last year, and more.
Despite all of the drastic numbers it outlines, the report highlights some good news. PandaLabs discovered that the speed at which the number of new threats is growing has actually decreased when compared to 2009. Every year since 2003, new threats grew by at least 100 percent, but in 2010, the increase was approximately 50 percent. We can only hope that trend continues.
As you might suspect, banker Trojans still dominate among new malware that appeared in 2010, accounting for 56 percent of all samples. Viruses accounted for 22 percent, rogueware (fake antivirus software), 12 percent; worms, 10 percent.
The countries leading the list of most infections are Thailand, China and Taiwan, with 60 to 70 percent of infected computers. To see a graph of how other countries ranked, please visit: http://www.flickr.com/photos/panda_security/5299741647/. The United States did not rank in the top 20.
2010 was truly the year of cyber-crime, cyber-war and cyber-activism. Although cyber-crime has existed for many years, cyber-war became a much more active and aggressive part of the malware landscape. The most notorious was Stuxnet, a new worm that targeted nuclear power plants and managed to infect the Bushehr plant, as confirmed by the Iranian authorities. At the same time, a new worm appeared called “Here you have.” It was created by a terrorist organization whose intention was to remind the U.S. of the 9/11 attacks and call for respect for Islam, purportedly as a response to Pastor Terry Jones’ threat to burn the Koran.
2010 also witnessed the emergence of a new phenomenon called cyber-protests or hacktivism. This phenomenon, made famous by the Anonymous group, is not actually new, but grabbed the headlines in 2010 for the coordinated DDoS attacks launched on copyright societies and their defense of WikiLeaks’ founder Julian Assange.
Watch them here: http://www.sophos.com/security/anatomy-of-an-attack/
FakeAV or Fake AntiVirus, also known as Rogue AntiVirus, Rogues, or ScareWare, is a class of malware that displays false alert messages to the victim concerning threats that do not really exist. These alerts will prompt users to visit a website where they will be asked to pay for these non-existent threats to be cleaned up. The FakeAV will continue to send these annoying and intrusive alerts until a payment is made.
For those of us who are savvy, these things are easy to spot; we’re usually aware of what AV software we use and know that what’s warning us isn’t our system. But, for the uninformed, such convincing names as those listed below usually work:
Pop-ups are especially effective at catching people because they resemble what Windows would do. Here’s what one unlucky user had to say in a forum: “I learned a $90 lesson yesterday. If a window pops up (even if it looks just like Windows) and tells you your computer is ‘infected’, DON’T acknowledge it. Don’t click ‘Yes/Scan’, ‘No’ or anything. Just turn off your computer.” To that, I would add one more step: Call your friendly local Geek for a good PC clean up and protect session. Here’s a shot of a typical “System Scan” screen.
And one more thing: Please don’t click on links or open files in emails if you don’t know where they came from, even if they look legitimate.