Webroot, a leading provider of security solutions for the consumer, enterprise and SMB markets, has detected a new string of rogue antivirus applications that use URLs related to Continental Flight 1404 and other current news to manipulate consumers into purchasing phony Internet security protection. The URLs link to a download site which triggers a series of fake infection and firewall pop-up messages, bearing the generic name "Spyware Guard 2008."
"Cybercriminals are capitalizing on the Continental Flight 1404 incident and other news catching the nation’s attention, including NFL game results and regional holiday events, and they’re programming fraudulent Web site links to appear near the top of search engine results," said Paul Lipman, senior vice president and general manager of Webroot’s Desktop Business. "As a result, consumers can easily click on a link that leads to deceptive messaging from a seemingly trusted source, and subsequently share personal information to purchase fake software. We encourage anyone searching for news online to be skeptical of unfamiliar URLs, and to protect themselves by having a legitimate antispyware, antivirus and firewall software in place."
According to Webroot’s Threat Research team, many rogue antimalware applications use tactics to appear as if the product comes from a trusted security company in order to convince users into downloading and purchasing the product. Users find the Web site downloading this rogue application through a Google search further projecting an aura of trust. With this new string, users receive a series of fake "Spyware Guard 2008" messages distributed by a download site called frelatig.com.
Webroot has developed a set of recommendations for users to prevent this type of malware attack.