Almost everyone has run across it and perhaps some of you have fallen for it – rogue anti-virus programs. Also known as scareware, these programs are infesting the net, and a new report reveals they are downloaded on to over 30 million compiters a month (over 3.5% of all computers) and net the scammers behind them a staggering $34 million a month. The report also predicted there will be close to 650,000 new scareware samples by the end of Q3 2009.
They work very simply, either a site redirect or a pop up informs the victim that they might be infected with malware, and then begins a fake “scan” of their computer, revealing a plethora of fake infections. The site then tells the now startled and probably worried victim that their software can take care of it for them for just $30. So the victim downloads a fake program, pays and watches as it “removes” the fake infections it found. The scammer just made $30 and the victim is relieved that the infections (which they never really had) are gone. It’s sort of a high tech version of a snake oil salesman.
Luis Corrons, PandaLabs Technical Director, stated “Rogueware is so popular among cybercriminals primarily because they do not need to steal users’ personal information like passwords or account numbers in order to profit from their victims. By taking advantage of the fear in malware attacks, they prey upon willing buyers of their fake anti-virus software, and are finding more and more ways to get to their victims, especially as popular social networking sites and tools like Facebook and Twitter have become mainstream.”
This kind of malware can be stumbled upon in variety of ways. Often scammers use Black Hat SEO techniques to poison search results for popular topics with their malicious links. Some go so far as to create fake search engines where every result leads to their malicious site. Rogue anti-virus software is also delivered via pop ups, banner ads and injection attacks that hijack legit sites and redirect them to the rogue anti-virus site. For example, more than once while on Facebook I’ve been suddenly redirected to a rogue anti-virus site. Several of my friends report the same happening to them. Most likely it’s caused by a poisoned ad in one of the networks used by FB. Just a few weeks ago anyone who used the FarmVille app found themselves dumped on a rogue anti-virus site thanks to one of those ads.
“As we have demonstrated throughout this report, the rogueware situation is very serious and growing as cybercriminals continue to create new methods for developing and distributing malware. It is a very lucrative business for the cybercriminals, so the name of the game is to infect as many people as possible, As a result, social networks have proven to be an effective channel to infect users. Based on PandaLabs’ extensive research, the situation is most likely to escalate even further.” said the report.
How do you know if your’re on a rogue anti-virus site? Well despite how slick and professional these sites look, it’s easy. If you were taken to the site via a forced redirect, chances are it’s malicious. If you ever find yourself on a rouge AV site, open Task Manager and close down the browser from there. Don’t click anywhere on the page!
Many are rigged to start downloading even if you try to close or go back. If the download happens and you don’t pay you will be bombarded with nag screens and pop ups telling you you are infected. To protect yourself, don’t click on pop ups telling you your computer is infected or on any banner ads for anti-virus software you’ve never heard of, no matter how professional and legit it looks. If you’re looking for a good anti-virus solution stick to AVG, Avast, or if you must, Norton or McAfee (not recommended though because of their tendency to hog system resources and cause conflicts with other programs). Whichever program you chose, keep it updated and scan your system regularly!
its great, finally found it here, good job!!