Beware The Scareware
Jason Lee Miller Staff Writer
2008-12-05
"Scareware" sounds like a marketing term for a Halloween costume. It's not; it's a trendy new term for malware posing as security warnings in order to dupe the user into downloading a virus.
The concept is simple and pretty smart. Via popup alert, email, or whatever other means, send the user a warning that their computer is infected and that they need to download an application or visit a specific website to fix it. If they fall for it, they're doomed.
Some of the more convincing ones come with apparent Microsoft or Windows origin (well, label, anyway). McAfee's Nandi Kishore describes one such attack popping up as a Windows Firewall Warning, complete with the Windows dialog box appearance. It warns of a "probable spambot infection," and asks the user if they would like to scan for malware.
Agreeing to the scan generates a false report from "Rapid Antivirus," which of course finds vulnerabilities and gives the user a choice of activating Rapid Antivirus to remove all infections or to "continue unsecured," which it labels in red letters as dangerous and warns that Worm.Blaster will send their credit card details to a remote host.
Choosing to activate invites the user to purchase one of three levels of protection, which are all likely just excuses to get credit card information.
Sophos' Graham Cluley, ever on the blog alert, warns of an email alert promising an "important message for you" in the subject line and coming from "support" at "Antivirus Pro."
In the body of the email the writer warns of a detected virus, which is labeled W.744.A, and provides supposed aliases given to it by various known security companies like Sophos, McAfee, Symantec, Avira, and Univ/a. Cluley says downloading "Antivirus Pro 1.0.0.1" only gets the user infected with Troj/FakeVir-HX.
But as often is the case, you can tell a malware fake by the excessively weird language (not leet speak, just bad English) or bizarre syntax. In this case, the emailer, presumably a professional, informs the recipient, "We do not have the best coders in the world, we do not give you ads and pop-ups telling you to press on certain buttons to install it."
Generally, the grammar's good, except for ignorance about semi-colon usage; but who understands semicolons, anyway? The real clue to it being bogus comes in the next line, where necessary prepositions are dropped, and another weird thing to say arises: "We recommend you our antivirus. Tested for 2 years, making it almost the best only for you."
Nice sales pitch, there, Vladimir.
About the Author:
Jason is a graduate of the University of Kentucky. He covers business, technology, and security issues.