Posts Categorized: Rogue Security Products


Fakealert Accurately Mimics Windows Update

A new Windows Update-themed stupid malware trick that’s making the rounds appears to be trying to capitalize on the frequency of “out of band” Windows patches Microsoft has been releasing lately. The spy, which serves as nothing more than a vehicle for the fraudulent sale of a fake product called Antimalware Defender, so closely resembles a Windows Update installation dialog that some members of our threat research team who saw these files had to pause and look carefully at the dialog box before deciding it is, in fact, a big fat hoax. Even the Microsoft Knowledge Base article the […]

British Music Awards Draws Web Scams

Music fans may already be aware that next Tuesday the British music industry will honor the top acts of the year at a ceremony known simply as The BRITs. What they may not know is that common Internet criminals have begun to target for attack people searching for information about the artists and the music connected with the awards. This will be the 30th ceremony held in the 33-year history of the awards. As in previous years, the BRIT Trust (a charity run by BPI, the UK’s recording industry trade association) will donate profits from the ceremony, including the […]

Fakealerts Invade Google Image Search Results for ‘24’ Star

Searchers beware: Those photos of celebrities or funny cat pictures that turn up in your Google image search results might not be photos at all, but fake antivirus alerts. Evidence appears to indicate that a similar scam to one we blogged about last November may be working its way up the Google food chain into other forms of search results. While searching for photos of Annie Wersching, an actress who recently joined the cast of the TV show 24, we stumbled into one of these JavaScript-enabled fakealert browser traps. Oddly enough, when you click one of these bogus linked pictures […]

Rogue AV Payload Blocks Popular Websites

A payload file installed along with some variants of the rogue Internet Security 2010 “antivirus” program modifies victims’ networking settings within Windows, inserting itself into the network stack and preventing victims from visiting some of the Web’s most popular Web sites. More than 40 sites have been targeted, including: Microsoft’s live.com and Bing search engine; social networking giants Facebook, Twitter, MySpace, Bebo, LinkedIn, and YouTube; news organizations including Fox News, The New York Times, the Washington Post, and the UK’s Guardian and BBC news sites; and blogs hosted by blogger.com, livejournal.com, and wordpress.com. The payload modifies the Layered Service Provider (LSP) […]

Spammers Pushing Rogues Infiltrate Google Groups

Spammers hawking “fun videos” have been worming their way into Google Groups, the global message board Google built on the skeleton of the old Usenet network. Only, the pages the spammers point victims to, which don’t actually contain videos, come with a nasty surprise: Rogue antivirus apps. The attacks began late last year, but have been increasing in frequency through the holidays, and haven’t abated in the new year. The users sending out the spam messages all use free Gmail accounts (one even named his spam account Santa Claus), and have been requesting access to both open-membership and closed-membership Groups, […]

Ron Paul, Beyonce Tease a Drive-By Rogue AV

Here’s a mind-bender for you to ponder over the holidays: What do diva musician Beyonce, the massively-multiplayer game World of Warcraft, the anime series Naruto, and Libertarian politician (and failed presidential candidate) Ron Paul have in common? I couldn’t guess what you might come up with, but we’ve found a drive-by download attack that delivers malware, using these disparate icons as a hook to convince Web surfers to click malicious links. The hack attempt was discovered by a Threat Research Analyst who also happens to be a Ron Paul fanatic (and I do mean fanatic — that’s a photo of […]

New Koobface Creates its Own Malicious Web Pages

Over the past several months, we’ve seen Koobface steadily progress in its ability to infect systems with malware. In our latest tests, we’ve found that the most recent version of this social-networm has a few new holiday-themed tricks up its sleeve. Among those tricks are a new, improved “captcha breaker” utility; a tool to check whether you have a Google and/or a Blogspot account (and, if not, it creates a new Google account); and a tool designed to create Google Reader pages on the fly, which the worm then uses to post malicious code. Those Google Reader accounts then end […]

Fakealerts Target Black Friday Online Shoppers

Now that the turkey and pumpkin pie have settled, and everyone’s gotten a good night’s sleep, shoppers are busily hustling the Web for the best deals. I’ve been doing the same thing, and wanted to share some of my tips that may help you avoid becoming snared in the most prolific cyberscam of the moment: fake virus alert messages (otherwise known as fakealerts). For months, the perpetrators of this fraud have been honing their skills at targeting malicious web pages to rise in search results for whatever is in the popular zeitgeist-of-the-moment. Victims experience a computer that appears to be […]

Fakealerts: Building a Better Mousetrap

In general, the use of fakealerts – those bogus warnings that look like your PC has started some sort of antivirus scan on its own, then predict imminent doom if you don’t buy some snake oil product right this minute – is on the rise. Fakealerts constitute a particularly effective social engineering trick, earning the makers of bogus, ineffective “antivirus” programs millions of dollars (and the scorn of victims) in the process. So it should come as no surprise that the fakealerts themselves have gone through some technological advances in the past year. In the past few months, the fakealert-makers […]

Rogues Mug Big Bird on his Birthday

In a move sure to raise the ire of Sesame Street fans everywhere, the black hat SEO gangs that have been manipulating Google results for the better part of the year have seized on a new target from which they’ve launched their current salvo of rogue antivirus guano. That’s right, the lovable, giant jaundiced avian friend to child and adult alike is being used to hijack searches and rope unsuspecting users into a vortex of popups and fake scans. They have besmirched Big Bird. And on his birthday, of all days. Have the rogue AV purveyors no shame? Actually, they’ve […]
