Pages

Saturday, April 2, 2011

Fake Antivirus Software Uses Ransom Treats...

Fake antivirus software designed to steal your personal information is running wild again. Three friends of mine have been victimized recently. Unfortunately one of them fell for it and bought the software using a credit card. Guess what ? nothing was downloaded, they got his money, credit card # and information that would allow them to use it ad infinitum... He called me shortly thereafter and the first thing I told him was "get on that phone right away and call you credit card company and report what happened. They will immediately cancel the CC # and issue you another one. Later he brought the computer to my office and I was able to restore the computer back to safety... Because this is happening quite frequently, I am posting again my post of September 2010 as follows: "Remember my post of August 30 that started: "Yesterday my computer was working great but when I started it this morning, a message popped up, saying that the computer had been attacked by a virus." Guess what, today I received an e-mail from PCWorld with an article that analyses precisely this serious problem which I am sharing with you all: "Fake Antivirus Software Uses Ransom Threats John E Dunn, techworld.com Sep 4, 2010 12:00 pm Fake antivirus programs appear to be adopting some of the money-raising tactics of more threatening ransom malware, security company Fortinet's latest threat report has found. The most prevalent malware variant during August was TotalSecurity W32/FakeAlert.LU!tr, a malicious program that masquerades as antivirus software in order to sell worthless licenses for non-existent malware. On its own it accounted for 37.3 percent of all malware threats detected by the company during the month. Unlike standard fake antivirus programs, however, the new version of TotalSecurity takes the ruse a stage further by preventing any applications other than a web browser to run, claiming they are "infected." The user is invited to have the infection cleaned by buying the bogus TotalSecurity product. Adding an extra layer of sophistication to its arsenal -- and no doubt aware how quickly bogus antivirus software is blocked by genuine security products -- TotalSecurity can now vary the downloads it feeds to target PC using server-side polymorphism. Put another way, the exact version downloaded to a victim's PC will constantly change which makes detection harder. "This is a technique typically seen with botnets, such as Waledac, and has been picked up by the developers of TotalSecurity. This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection," said Fortinet's threat research head, Derek Manky. According to Fortinet, such attacks demonstrate the vulnerability of PC-based antivirus software. A layered defence would have a better chance of detecting TotalSecurity by either intercepting the initial spam used to spread it or by blocking the download website. Once rare enough to be a curiosity, malware using threats and direct interference with a PC's operation have slowly become more common. A previous report from Fortinet in March noted a sudden surge in the technique, about a year after the first aggressive use of ransomware in the form of the notorious Vundo Trojan. That particular piece of malware used crude encryption of a victim's files. In July came news of the odd Krotten Trojan that disables a victim's PC in a variety of ways before asking for a tiny payment to be made to a Ukrainian mobile phone network. Two months before that researchers in Japan discovered the Kenzero porn blackmail Trojan that threatens to post a victim's embarrassing browsing history to a public website. Be careful, but sometimes you may inadvertently open a web page that will cause such a problem in your computer.One way to solve the problem was explained to you in my post of August 30 referred to above. George Freire "

2 comments:

Managed IT Service said...

Very Useful Post... it's help a lot to everybody and thanks to spread awareness about Fake Anti virus Software

George Freire said...

Thanks for the comment