Search This Blog

Wednesday, June 10, 2009

Scareware's pitches for fake security show up in odd places

Scareware's pitches for fake security show up in odd places
----------------------------------------------------------------------------
Written by Byron Acohida, USA TODAY

"Scareware has become the scourge of the Internet.
Those deceptive promotions crafted to panic you into spending $30 to $80 for worthless antivirus protection can hit you just about anywhere you turn on the Web. They arrive as booby-trapped Web links in e-mail and social network messages. They lurk hidden, and set to activate, when you click to popular, legitimate websites.

And now scareware purveyors are embedding triggers in places you wouldn't expect: on advertisements displayed at mainstream media websites; amid search results from Google, Yahoo Search and Windows Live search; alongside comments posted on YouTube videos; and, most recently, in "tweets" circulating on Twitter.
"Scareware is becoming a dominating force," says Joe Stewart, director of SecureWorks Counter Threat Unit. "There are hundreds of criminals using every tactic they can think of to push these programs."

Click on a trigger and you'll get caught in an unnerving loop impossible to abort. A scanner window will appear with red-letter warnings listing viruses purportedly infesting your hard drive. A series of dialogue boxes will follow giving you choices that all lead to the same screen: a sales pitch.
Make the purchase, and you get a bogus inoculation. Try to cancel it, and you'll get repeated offers. "It's like stepping into quicksand," says Paul Royal senior researcher at security firm Purewire. "The more you try to get out of it, the deeper you sink."
Scareware has been a prominent part of the Internet since 2004, when a cybergang based in St. Petersburg, Russia, launched the iframecash.biz website and began offering commissions to anyone who helped them spread the SpySheriff fake antivirus program. Hackers began to taint legitimate websites so that pop-up ads for SpySheriff would launch on the PC of anyone who visited a corrupted Web page.
That simple arrangement has evolved into a steadily growing industry that marked a banner year in 2008. By late last year, more than 9,200 different types of scareware programs were circulating on the Internet, up from 2,800 at midyear, according to The Anti-Phishing Working Group. Microsoft recently reported that scareware infections rose 48% in the second half of 2008 vs. the first half. Microsoft analyzed data collected by use of its Malicious Software Removal Tool and found one specific fake security program on 4.4 million PCs.
"These guys are very innovative," says Roel Schouwenberg, senior virus researcher at Kaspersky Lab. "They're constantly looking for newer and easier ways to make money."
Cutting-edge scareware marketing campaigns are being delivered via:
•YouTube and Twitter. The bad guys sign up for a handful of new YouTube or Twitter accounts. In the case of YouTube, crooks recently used about a dozen new accounts to begin posting comments on 30,000 videos, says Luis Corrons, technical director of PandaLabs. The comments enticed users to click on a link that triggered a scareware promotion.
In a variation of this ploy, crooks in late May created new Twitter accounts and began broadcasting tweets declaring "Best video" with a Web link of http://juste.ru, says Schouwenberg. Clicking on the link launched a sequence that replicated the message to everyone on the victim's friends list, then launched a scareware promo.
•Search results. The bad guys create malicious Web pages and fill them with words and phrases that are likely to be popular search queries, such as "American Idol winner" or "NCAA tournament bracket," says Yuval Ben-Itzhak, CTO of security firm Finjan. Next they insert tiny copies of their bad links on popular, legit websites that don't do a thorough job of preventing such hacks.
"Search engine optimization" then takes over. SEO is the technology that determines the relevance of Web links to search queries. By embedding a malicious link on a popular website, the hackers imbue their Web page with high relevance. So when the legit site turns up as the No. 1 or No. 2 result for a popular search query, their bad link turns up as the No. 4 or No. 6 result. Anyone who clicks on the bad link gets a scareware pitch.
•Online ads. The bad guys purchase blocks of ad space on popular websites through a legit ad agency, says Roger Thompson, senior researcher at AVG. Next they instruct the ad agency to begin posting innocuous ads. To avoid detection, they only sporadically feed a corrupted ad into the mix. The bad ad looks safe, but carries instructions to route anyone who clicks to a scareware pitch. "It's the most common attack we see every day," Thompson says."

To read the rest of this article go to:

http://www.usatoday.com/tech/news/2009-06-09-cybergangs-scareware-hackers_N.htm

No comments:

Visit GM Alexandra Kosteniuk's Women's Chess Blog:Please click on the image below:

Visit GM Alexandra Kosteniuk's Women's Chess Blog:Please click on the image below:
Chess needs more women and girl participants and administrators!

Thoughts worth thinking about

"Our subconscious minds have no sense of humor, play no jokes and cannot tell the difference between reality and an imagined thought or image. What we continually think about eventually will manifest in our lives."-Sidney Madwed



Laws alone can not secure freedom of expression; in order that every woman and man present their views without penalty, there must be spirit of tolerance in the entire population.- Albert Einstein Too often we underestimate the power of a touch, a smile, a kind word, a listening ear, an honest compliment, or the smallest act of caring, all of which have the potential to turn a life around. - Leo Buscaglia



A person's true wealth is the good he or she does in the world. - Mohammed



Our task must be to free ourselves... by widening our circle of compassion to embrace all living creatures and the whole of nature and its beauty. -Albert Einstein



The best way to find yourself, is to lose yourself in the service of others. - Ghandi



The unselfish effort to bring cheer to others will be the beginning of a happier life for ourselves. - Helen Keller



Aim for success, not perfection. Never give up your right to be wrong, because then you will lose the ability to learn new things and move forward with your life. Remember that fear always lurks behind perfectionism. Confronting your fears and allowing yourself the right to be human can, paradoxically, make yourself a happier and more productive person. - Dr. David M. Burns



Life is as dear to a mute creature as it is to man. Just as one wants happiness and fears pain, just as one wants to live and not die, so do other creatures. -His Holiness The Dalai Lama



Mankind's true moral test, its fundamental test (which lies deeply buried from view), consists of its attitude towards those who are at its mercy: animals. And in this respect mankind has suffered a fundamental debacle, a debacle so fundamental that all others stem from it. -



Milan Kundera, The Unbearable Lightness of Being



The worst sin towards our fellow creatures is not to hate them, but to be indifferent to them. That's the essence of inhumanity. -George Bernard Shaw

Ego's trick is to make us lose sight of our interdependence. That kind of ego-thought gives us a perfect justification to look out only for ourselves. But that is far from the truth. In reality we all depend on each other and we have to help each other. The husband has to help his wife, the wife has to help the husband, the mother has to help her children, and the children are supposed to help the parents too, whether they want to or not.-Gehlek Rinpoche Source: "The Best Buddhist Writing 2005 pg. 165

The hostile attitude of conquering nature ignores the basic interdependence of all things and events---that the world beyond the skin is actually an extension of our own bodies---and will end in destroying the very environment from which we emerge and upon which our whole life depends.