“Google Finds Fake Antivirus Programs on the Rise” plus 3 more |
- Google Finds Fake Antivirus Programs on the Rise
- Google: Fake antivirus makes up 15 percent of all malware
- Google Finds Fake Antivirus Programs on the Rise
- Fake antivirus software on rise, says Google
| Google Finds Fake Antivirus Programs on the Rise Posted: 28 Apr 2010 06:40 AM PDT Fake antivirus software is becoming more prevalent on the Internet, with its creators using clever methods to fool users into installing the programs, according to a new report from Google. Google conducted a 13-month study looking at some 240 million Web pages. The company determined that 11,000 of those domains were involved in distributing fake antivirus programs, and that those kinds of program comprise 15 percent of the malicious software on the Web. There are thousands of versions of fake antivirus software, but all work on the premise of falsely telling users their computer has been infected with malware. The programs then badger users to buy the software, which often looks legitimate but has no real functionality. "More recent fake AV sites have evolved to use complex JavaScript to mimic the look and feel of the Windows user interface," according to Google's report. "In some cases, the fake AV detects even the operating system version running on the target machine and adjusts its interface to match." Users are typically asked if they want to clean their machine, which causes the fake program to download. Fake antivirus usually spreads by social engineering ploys rather than by exploiting software vulnerabilities on the victim's computer, according to Google. The scammers behind the fake antivirus software frequently use online advertisements using popular keywords, although Google says it filters those advertised URLs to get rid of malicious ones. Google will blacklist those domains to warn people, but those developing fake antivirus software rotate the domains hosting their programs faster than ever to avoid the blocklist. A domain hosting fake antivirus software used to serve up the content for up to 100 hours in April 2009, Google said. But that figure fell to below 10 hours in September 2009 and then to less than one hour in January. "These trends point to domain rotation, a technique that allows attackers to drive traffic to a fixed number of IP addresses through multiple domains," the report said. "This is typically accomplished by setting up a number of landing domains, either as dedicated sites or by infecting legitimate sites, that redirect browsers to an intermediary under the attacker's control." Google also found that legitimate antivirus vendors were having more trouble identifying the fake programs due to an increased level of "polymorphism," a technique used to make an application look unique and evade malware scanners. Fake antivirus programs haven't escaped scrutiny from regulators. Following a complaint from the U.S. Federal Trade Commission (FTC), a U.S. district court ordered six people and two companies to stop selling fake security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe and XP Antivirus. As part of that case, the FTC levied a $1.9 million judgement against James Reno and his Web hosting company, ByteHosting Internet Service of Ohio, but later reduced the judgement to $116,697 in June 2009. Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction. |
| Google: Fake antivirus makes up 15 percent of all malware Posted: 28 Apr 2010 04:58 AM PDT A rise in fake antivirus offerings on Web sites around the globe shows that scammers are increasingly turning to social engineering to get malware on computers rather than exploiting holes in software, a Google study to be released on Tuesday indicates.
Fake antivirus--false pop-up warnings designed to scare money out of computer users--represents 15 percent of all malware that Google detects on Web sites, according to 13-month analysis the company conducted between January 2009 and February 2010. That's a five-fold increase from when the company first started its analysis, Niels Provos, a principal software engineer at Google, said in an interview. Meanwhile, fake antivirus scams represent half of all malware delivered via advertisements, which is becoming a problem for high-profile sites that rely on their advertisers and ad networks to distribute clean ads. Google analyzed 240 million Web pages and uncovered more than 11,000 domains involved in fake antivirus distribution for the study, which Google is set to unveil at the Usenix Workshop on Large-Scale Exploits and Emergent Threats Tuesday in San Jose, Calif. For more on this story, read Google: Fake antivirus is 15 percent of all malware on CNET News. Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction. |
| Google Finds Fake Antivirus Programs on the Rise Posted: 28 Apr 2010 06:58 AM PDT Fake antivirus software is becoming more prevalent on the Internet, with its creators using clever methods to fool users into installing the programs, according to a new report from Google. Google conducted a 13-month study looking at some 240 million Web pages. The company determined that 11,000 of those domains were involved in distributing fake antivirus programs, and that those kinds of program comprise 15 percent of the malicious software on the Web. There are thousands of versions of fake antivirus software, but all work on the premise of falsely telling users their computer has been infected with malware. The programs then badger users to buy the software, which often looks legitimate but has no real functionality. "More recent fake AV sites have evolved to use complex JavaScript to mimic the look and feel of the Windows user interface," according to Google's report. "In some cases, the fake AV detects even the operating system version running on the target machine and adjusts its interface to match." Users are typically asked if they want to clean their machine, which causes the fake program to download. Fake antivirus usually spreads by social engineering ploys rather than by exploiting software vulnerabilities on the victim's computer, according to Google. The scammers behind the fake antivirus software frequently use online advertisements using popular keywords, although Google says it filters those advertised URLs to get rid of malicious ones. Google will blacklist those domains to warn people, but those developing fake antivirus software rotate the domains hosting their programs faster than ever to avoid the blocklist. A domain hosting fake antivirus software used to serve up the content for up to 100 hours in April 2009, Google said. But that figure fell to below 10 hours in September 2009 and then to less than one hour in January. "These trends point to domain rotation, a technique that allows attackers to drive traffic to a fixed number of IP addresses through multiple domains," the report said. "This is typically accomplished by setting up a number of landing domains, either as dedicated sites or by infecting legitimate sites, that redirect browsers to an intermediary under the attacker's control." Google also found that legitimate antivirus vendors were having more trouble identifying the fake programs due to an increased level of "polymorphism," a technique used to make an application look unique and evade malware scanners. Fake antivirus programs haven't escaped scrutiny from regulators. Following a complaint from the U.S. Federal Trade Commission (FTC), a U.S. district court ordered six people and two companies to stop selling fake security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe and XP Antivirus. As part of that case, the FTC levied a $1.9 million judgement against James Reno and his Web hosting company, ByteHosting Internet Service of Ohio, but later reduced the judgement to $116,697 in June 2009. Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction. |
| Fake antivirus software on rise, says Google Posted: 28 Apr 2010 04:45 AM PDT Google conducted a 13-month study looking at some 240 million web pages. The company determined that 11,000 of those domains were involved in distributing fake antivirus programs, and that those kinds of program comprise 15 percent of the malicious software on the web. There are thousands of versions of fake antivirus software, but all work on the premise of falsely telling users their computer has been infected with malware. The programs then badger users to buy the software, which often looks legitimate but has no real functionality. Rogue Facebook ad redirects to fake antivirus software | Fake antivirus software is most costly security scam of 2010 | Fake antivirus dupes millions, warns Symantec "More recent fake antivirus sites have evolved to use complex JavaScript to mimic the look and feel of the Windows user interface," according to Google's report. "In some cases, the fake antivirus detects even the operating system version running on the target machine and adjusts its interface to match." Users are typically asked if they want to clean their machine, which causes the fake program to download. Fake antivirus usually spreads by social engineering ploys rather than by exploiting software vulnerabilities on the victim's computer, according to Google. The scammers behind the fake antivirus software frequently use online advertisements using popular keywords, although Google says it filters those advertised URLs to get rid of malicious ones. Google will blacklist those domains to warn people, but those developing fake antivirus software rotate the domains hosting their programs faster than ever to avoid the blocklist. A domain hosting fake antivirus software used to serve up the content for up to 100 hours in April 2009, Google said. But that figure fell to below 10 hours in September 2009 and then to less than one hour in January. "These trends point to domain rotation, a technique that allows attackers to drive traffic to a fixed number of IP addresses through multiple domains," the report said. "This is typically accomplished by setting up a number of landing domains, either as dedicated sites or by infecting legitimate sites, that redirect browsers to an intermediary under the attacker's control." Google also found that legitimate antivirus vendors were having more trouble identifying the fake programs due to an increased level of "polymorphism," a technique used to make an application look unique and evade malware scanners. Fake antivirus programs haven't escaped scrutiny from regulators. Following a complaint from the U.S. Federal Trade Commission (FTC), a US district court ordered six people and two companies to stop selling fake security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe and XP Antivirus. As part of that case, the FTC levied a $1.9 million judgement against James Reno and his Web hosting company, ByteHosting Internet Service of Ohio, but later reduced the judgement to $116,697 in June 2009. Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction. |
| You are subscribed to email updates from Yahoo! News Search Results for antivirus To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google Inc., 20 West Kinzie, Chicago IL USA 60610 | |
0 comments:
Post a Comment