
Just as the average Joe starts to 'get' the importance of online security, which means using anti-virus software, the bad guys start exploiting this newfound understanding by flooding the Internet with fake AV products.

Security researchers at SophosLabs have today identified a major new fake anti-virus software campaign which is threatening to flood the Internet with malicious security products.

The widespread spam campaign has a single goal: to get the unwary recipient to open HTML files attached to the messages, which then redirect the web browser to hacked sites that come complete with a malicious iFrame to launch the fake anti-virus attack. Of course, fake anti-virus is nothing new, but the scale of this latest attack is causing concern.

These attacks take the usual form of pop-ups warning that your computer is infected and offering to remove the threats for a software registration fee. "A scam like this can be extremely successful at passing revenue directly and quickly into the hands of hackers - so we all have to be on our guard," said Graham Cluley, senior technology consultant at Sophos. "The attacks are designed to trick people into paying to remove threats from their computer that never really existed in the first place. Once a user's computer is infected with fake anti-virus, the software will continue to bombard the user with bogus warning messages to encourage them to pay for threats to be removed or install more malicious code onto their PC. If computer users are concerned about the security of their machine, they should go directly to a legitimate IT security site, rather than put their trust in a criminal hacking gang."

So far, the emails that SophosLabs has intercepted cover subjects as diverse as credit card charges and holiday photography services. Sophos has seen emails promising parking permits, suggesting an appointment is being confirmed, insisting that various e-bills are ready, and confirming orders for various items. All are designed to prey on the curiosity of the recipient, often making them think there is something they might have to pay for if they do not respond, or offering a peek at photos which purport to belong to someone else. The end result can often be that an innocent recipient is led into downloading dangerous software onto their computer and handing over their credit card details.
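A mail-filtering check for the delivery method described above, as an added example that is not from Sophos or the original article: it flags HTML attachments that send the browser to another site the moment they are opened. The article does not say how the attachments redirect, so the two mechanisms checked here (meta refresh and script `location` assignment) are assumptions, and the sample message, filename and URLs are constructed placeholders.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

JS_REDIRECT = re.compile(r"""location(?:\.href)?\s*(?:=|\.replace\()\s*['"]([^'"]+)""")

class RedirectFinder(HTMLParser):
    """Records constructs that send the browser elsewhere as soon as the file opens."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self._in_script = tag == "script"
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s>]+)", a.get("content", ""), re.I)
            if m:
                self.findings.append(("meta-refresh", m.group(1)))
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script:  # inspect script bodies only, not visible page text
            self.findings += [("script-location", u) for u in JS_REDIRECT.findall(data)]

def scan_message(raw):
    """Return (filename, kind, url) for each auto-redirect found in an HTML attachment."""
    hits = []
    for part in message_from_string(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        # decode=True undoes base64/quoted-printable transfer encoding
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        finder = RedirectFinder()
        finder.feed(body)
        hits += [(name, kind, url) for kind, url in finder.findings]
    return hits

# Constructed sample: subject, filename and URLs are placeholders, not campaign data.
HTML = ('<html><head><meta http-equiv="refresh" content="0; url=http://compromised.example/x.php">'
        '</head><body><script>window.location.href = "http://compromised.example/y.php";</script></body></html>')

def build_sample(html=HTML):
    msg = EmailMessage()
    msg["Subject"] = "Your e-bill is ready"
    msg.set_content("See the attached statement.")
    msg.add_attachment(html, subtype="html", filename="statement.html")
    return msg.as_string()
```

Calling `scan_message(build_sample())` returns one finding per redirect; a legitimate HTML attachment that merely contains links produces none, because only constructs that navigate without a click are matched.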

Sophos has put together a video providing further information on fake anti-virus software:

[youtube]2DzBdhqB73I[/youtube]


As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Great video! It talks about getting to fake anti-virus sites from searches done. I have seen search results on Google where they have the result up there but there is a warning not to go there due to malware. Of course it makes sense for anyone with a PC to have good anti-virus software already on it. I have seen these warnings with pictures that Google has for search results. I have clicked on to see what happens and my anti-virus software blocks it.

Also I read that Windows 7 has anti-spyware software built in called Defender. I tried to use it to do a scan but it was turned off. So I figured that when I installed the Norton Anti-Virus, that it turned off Defender.

These attacks take the usual form of pop-ups warning that your computer is infected and offering to remove the threats for a software registration fee. "A scam like this can be extremely successful at passing revenue directly and quickly into the hands of hackers - so we all have to be on our guard," said Graham Cluley, senior technology consultant at Sophos. "The attacks are designed to trick people into paying to remove threats from their computer that never really existed in the first place. Once a user's computer is infected with fake anti-virus, the software will continue to bombard the user with bogus warning messages to encourage them to pay for threats to be removed or install more malicious code onto their PC. If computer users are concerned about the security of their machine, they should go directly to a legitimate IT security site, rather than put their trust in a criminal hacking gang."

I never experienced that, but I heard it does crash your system.
