Protect Yourself Against Scareware
For the last two years, scareware, which is fake
security software, has emerged as the most
profitable strategy for cybercriminals. Because many
businesses now advertise aggressively online through
various kinds of advertising, cybercriminals have
found a safe haven in which to profit from
unsuspecting end users.
Unfortunately, because scareware’s business model
has a high payout rate, new cybercriminals are
claiming a stake in the industry. With newcomers
motivated to make big money, more innovation is
arising from this underground community.
First of all, what exactly is scareware?
Scareware, which can also be known as rogueware
or fake security software, is a legitimate-looking
application that is delivered through illegal
traffic acquisition (e.g., Cleveland.com with Fake
Antivirus XP pop-ups or 9/11 keywords hijacked to
serve scareware). Unfortunately, because these
programs look so legitimate and convince end users
that they have already been infected, many users end
up purchasing the application in an attempt to rid
their computer of the supposed threat.
Once scareware is downloaded onto your computer,
these malicious applications will often prevent
any legitimate security software from loading.
Removal of scareware can be extremely time-consuming
because it can block system tools and third-party
applications from executing.
For now, scareware releases are exclusively
targeting Microsoft Windows users.
The good news, however, is that many scareware
sites share a common set of deceptive advertising
practices, which can help you spot them.
Scareware Tactics
Unclickable icons
Many scareware sites use unclickable icons from
reputable technology websites. Unfortunately, these
websites are completely unaware of the scareware’s
existence. For example, some will use an icon for
Microsoft Certified Partner, CNET Editor’s Choice or
PC Magazine Editors’ Choice Award.
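The unclickable-icon tactic can be checked mechanically. The sketch below is an added example, not code from the original article: it parses a page, finds the trust badges named above by their alt text, and reports whether each one links to the body that issues it. The issuer domains, the verdict strings and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Badge names come from the article; the issuer domains are assumptions.
BADGE_ISSUERS = {
    "microsoft certified partner": "microsoft.com",
    "cnet editor's choice": "cnet.com",
    "pc magazine editors' choice": "pcmag.com",
}

class BadgeAudit(HTMLParser):
    """Record, for each known trust badge image, the link that wraps it."""
    def __init__(self):
        super().__init__()
        self.open_links = []  # href values of <a> elements currently open
        self.badges = []      # (badge name, enclosing href or None)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.open_links.append(attrs.get("href"))
        elif tag == "img":
            alt = (attrs.get("alt") or "").lower().replace("\u2019", "'")
            href = self.open_links[-1] if self.open_links else None
            self.badges += [(n, href) for n in BADGE_ISSUERS if n in alt]

    def handle_endtag(self, tag):
        if tag == "a" and self.open_links:
            self.open_links.pop()

def audit_badges(html):
    """Return {badge name: verdict} for every trust badge found in html."""
    parser = BadgeAudit()
    parser.feed(html)
    verdicts = {}
    for name, href in parser.badges:
        target = (href or "").strip()
        host = urlsplit(target).hostname or ""
        if not target or target.lower().startswith(("#", "javascript:")):
            verdicts[name] = "unclickable"       # no link, or a dead one
        elif ("." + host).endswith("." + BADGE_ISSUERS[name]):
            verdicts[name] = "links to issuer"   # issuer domain or a subdomain
        else:
            verdicts[name] = "links elsewhere"   # e.g. back to the seller's page
    return verdicts

# Constructed sample page, not taken from a real site.
SAMPLE = """<img src="mcp.png" alt="Microsoft Certified Partner">
<a href="#"><img src="cnet.png" alt="CNET Editor's Choice"></a>
<a href="/buy.html"><img src="pc.png" alt="PC Magazine Editors' Choice"></a>"""
```

A badge that links to its issuer is not proof of legitimacy; the check only flags badges that cannot be verified by clicking through.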
Comparative Charts
Another popular tactic on scareware sites is a
chart showing that the scareware outperforms leading
security solutions. Once again, this approach makes
the company seem legitimate enough to purchase from.
Antivirus Scanning Dialog
If an end user is not voluntarily looking for
antivirus software, this last scareware tactic is
most likely the most successful. Have you ever been
reading an online blog, for example, when a pop-up
suddenly states that your computer has been infected
with a virus? Then what looks like a completely
legitimate Windows dialog box appears and assures
you that your computer is being scanned and the
virus is being removed. Unfortunately, this highly
successful tactic tricks thousands of end users
daily.
Here are some legitimate malware scanners that
are offered for free:
- TrendMicro’s Housecall
- Kaspersky’s Online Malware Scanner
- PandaSecurity’s Cloud Antivirus
- McAfee’s Online Malware Scanner
- Symantec’s Online Malware Scanner
Scareware Campaigns
- Blackhat search engine optimization (SEO):
blackhat search engine optimization is the
traffic acquisition method for cybercriminals.
Blackhat SEO is a quick and easy way to hijack
as much traffic for malicious campaigns as
possible. Many cybercriminals have parked
domains that look like legitimate business
sites, but once end users are on such a site,
they are automatically redirected to a fake
real-time virus scan. Remember, every campaign
relies on the end user being gullible enough to
manually download and execute the scareware,
unlike drive-by attacks, where the infection
takes place automatically through the use of
client-side vulnerabilities.
- Web 2.0 tools and services: these continue
to be affected by scareware campaigns. Usually,
fake user accounts are registered automatically
by outsourcing the CAPTCHA-recognition
process. I cannot tell you how many times I have
received an email from Twitter saying that I
have a new follower, but in reality, they are
just another fake account.
- Malvertising (malicious advertising):
malvertising is the practice of serving
malicious ads on legitimate and high-profile
sites. In some cases, Fake Antivirus pop-ups
have been found on Cleveland.com and scareware
pop-ups on Foxnews, Digg, MSNBC and Newsweek.
Now let’s talk about how to avoid these:
- Know your legitimate Antivirus Software
Vendors
AhnLab (V3)
Antiy Labs (Antiy-AVL)
Aladdin (eSafe)
ALWIL (Avast! Antivirus)
Authentium (Command Antivirus)
AVG Technologies (AVG)
Avira (AntiVir)
Cat Computer Services (Quick Heal)
ClamAV (ClamAV)
Comodo (Comodo)
CA Inc. (Vet)
Doctor Web, Ltd. (DrWeb)
Emsi Software GmbH (a-squared)
Eset Software (ESET NOD32)
Fortinet (Fortinet)
FRISK Software (F-Prot)
F-Secure (F-Secure)
G DATA Software (GData)
Hacksoft (The Hacker)
Hauri (ViRobot)
Ikarus Software (Ikarus)
INCA Internet (nProtect)
K7 Computing (K7AntiVirus)
Kaspersky Lab (AVP)
McAfee (VirusScan)
Microsoft (Malware Protection)
Norman (Norman Antivirus)
Panda Security (Panda Platinum)
PC Tools (PCTools)
Prevx (Prevx1)
Rising Antivirus (Rising)
Secure Computing (SecureWeb)
BitDefender GmbH (BitDefender)
Sophos (SAV)
Sunbelt Software (Antivirus)
Symantec (Norton Antivirus)
VirusBlokAda (VBA32)
Trend Micro (TrendMicro)
VirusBuster (VirusBuster)
- Do some research on the domain in question.
You can do this through Google or through a
search engine specifically dedicated to
malvertising:
http://www.anti-malvertising.com/engine
The anti-malvertising search engine is in the
process of collecting lists of scareware related
domains.
- If you have already downloaded potentially
malicious software, submit it to this website:
http://www.virustotal.com/. VirusTotal will
scan your software to determine if it is in fact
malware. Pretty cool, right?
The main reason we wanted to share this
information with you is to educate and spread the
word about these cybercriminals. The more we all
know and share with each other, the safer our data
and systems will be.
Hope this information helps!