Posts Tagged ‘Rogue security software’

Fake anti-virus cloaks itself to appear to be Microsoft Update

Published by pratyushkp on June 9th, 2011 - in Social, Technology

Original post on Sophos. Author – Chester Wisniewski

We are seeing the criminals behind fake anti-virus continuing to customize their social engineering attacks to be more believable to users and presumably more successful.

Last week I wrote about fake Firefox malware warnings leading users to rogue security software. This week they’ve started to imitate Microsoft Update.

The page is nearly an exact replica of the real Microsoft Update page with one major exception… It only comes up when surfing from Firefox on Windows. The real Microsoft Update requires Internet Explorer.

The same site was also hosting the traditional Windows XP explorer scanner we have seen for years, as well as a new Windows 7 scanner.

Similar to spam messages that have corrected their grammar and use correct imagery and CSS, the attackers selling fake anti-virus are getting more professional.

They use high-quality graphics and read the User-Agent string that the browser sends with each request to customize your malware experience.

Just like visiting your bank, you should only trust security alerts in your browser if you initiated a check with Microsoft, Adobe, Sophos or any other vendor for updates to their software.
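The fake page described above gives defenders two observable signals: it is not hosted by Microsoft, and it is shown in Firefox although the real Microsoft Update requires Internet Explorer. The following added example (not from the original post) scores web-proxy records on those two signals; the record fields, the trusted-domain list and the sample records are assumptions constructed for illustration.

```python
import re

# Assumption: registrable domains treated as genuine Microsoft update hosts.
TRUSTED_SUFFIXES = ("microsoft.com", "windowsupdate.com")
# Matches "Microsoft Update" / "Windows Update" but not "Microsoft updates ...".
UPDATE_TITLE = re.compile(r"\b(?:microsoft|windows)\s+update\b", re.IGNORECASE)

def is_trusted_host(host):
    # Compare on a label boundary so "microsoft.com.evil.example" is not trusted.
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def is_internet_explorer(user_agent):
    # IE identifies itself with an "MSIE <version>" or "Trident/" token.
    return "MSIE " in user_agent or "Trident/" in user_agent

def score_record(record):
    """Return (score, reasons) for one page view; score 0 means nothing to report."""
    if not UPDATE_TITLE.search(record["title"]):
        return 0, []
    score, reasons = 0, []
    if not is_trusted_host(record["host"]):
        score += 2
        reasons.append("update-branded page on a non-Microsoft host")
    if not is_internet_explorer(record["user_agent"]):
        score += 1
        reasons.append("update page shown in a browser other than Internet Explorer")
    return score, reasons

def find_fake_update_pages(records, threshold=2):
    hits = []
    for rec in records:
        score, reasons = score_record(rec)
        if score >= threshold:
            hits.append((rec["host"], score, reasons))
    return hits

FIREFOX = "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
IE8 = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
# Constructed sample records, not taken from real traffic.
SAMPLE = [
    {"host": "update.microsoft.com", "title": "Microsoft Update", "user_agent": IE8},
    {"host": "microsoft.com.update-check.example", "title": "Microsoft Update", "user_agent": FIREFOX},
    {"host": "news.example", "title": "Microsoft updates Bing Mobile", "user_agent": FIREFOX},
    {"host": "scanner.example", "title": "Windows Update - Critical", "user_agent": IE8},
]

if __name__ == "__main__":
    for host, score, reasons in find_fake_update_pages(SAMPLE):
        print(host, score, "; ".join(reasons))
```

The host check carries the most weight because a look-alike can also be served to Internet Explorer; the browser mismatch only raises confidence.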


Blackhat SEO and Fake anti-virus – Like chocolate and peanut butter

Published by pratyushkp on May 26th, 2011 - in Social, Technology


Original Article posted on http://nakedsecurity.sophos.com

Author Name – Chester Wisniewski

It’s not exactly a new story that people are being hit hard by fake anti-virus, but I want to draw attention to the sophistication of their software and distribution methods.

Many IT professionals I work with have had to clean up after these infections, and just as many blame their users for being stupid for getting infected. As a researcher, I know this is not necessarily the case. Certainly, some people make ignorant mistakes clicking links and opening attachments, but many of these attacks are convincing enough that simple computer security advice is not enough to protect users from them.

I just came across another instance of a long running spam campaign pretending to be a message from the user’s ISP telling them to run a file from a web link to update their email program settings. The download led to a fake anti-virus variant that was very realistic.

Dear Customer,

This e-mail was sent by CENSORED.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run this file and Follow instructions:

http://ddd33.CENSORED.com/setup.zip

(C) CENSORED.com

This particular payload behaved much more like a real anti-virus product than ever before. It actually detected my installation of Sophos Anti-Virus and prompted me to uninstall it!

Most fake anti-virus I have run into is distributed through blackhat SEO poisoning. I recently put together a video showing how scammers are gaming Google and Bing to distribute this malware in ways your users may not expect.


Aside from its sophistication in trying to remove our product as well as being distributed through an email, today’s sample of fake anti-virus looks and behaves like most others. It has an annoying habit of rebooting your workstation every 15 minutes or so.

To help educate both professionals and end users we have put together some materials on the 10 myths of safe web browsing. This includes some papers, a link to the video above, and a widget you can deploy on your Intranet that helps train users on safer internet usage.
