Friday, September 3, 2010

“Fake antivirus programs taking PCs hostage” plus 3 more

“Fake antivirus programs taking PCs hostage” plus 3 more

Fake antivirus programs taking PCs hostage

Posted: 03 Sep 2010 03:04 AM PDT

Security vendor Fortinet reports that fake, or rogue, antivirus software has started blocking PC applications and demanding money to allow user access.
9/3/2010 6:00:00 AM By: John E. Dunn


Fake antivirus programs taking PCs hos...

Fake antivirus programs appear to be adopting some of the money-raising tactics of more threatening ransom malware, security company Fortinet's latest threat report has found.

The most prevalent malware variant during August was TotalSecurity W32/FakeAlert.LU!tr, a malicious program that masquerades as antivirus software in order to sell worthless licenses for non-existent malware. On its own it accounted for 37.3 percent of all malware threats detected by the company during the month.

Related Story: Rogue antivirus "biggest threat" facing Canadian PCs

Unlike standard fake antivirus programs, however, the new version of TotalSecurity takes the ruse a stage further by preventing any applications other than a web browser to run, claiming they are 'infected'. The user is invited to have the infection cleaned by buying the bogus TotalSecurity product.

Adding an extra layer of sophistication to its arsenal – and no doubt aware how quickly bogus antivirus software is blocked by genuine security products – TotalSecurity can now vary the downloads it feeds to target PC using server-side polymorphism. Put another way, the exact version downloaded to a victim's PC will constantly change which makes detection harder.

 "This is a technique typically seen with botnets, such as Waledac, and has been picked up by the developers of TotalSecurity. This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection," said Fortinet's threat research head, Derek Manky.

Page Navigation 1) Fake antivirus becoming more aggressive in attempts to make money. - Page 1
2) PC-disrupting malware is becoming more common. - Page 2 << Back

This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read our FAQ page at fivefilters.org/content-only/faq.php
Five Filters featured article: "Peace Envoy" Blair Gets an Easy Ride in the Independent.

Fake antivirus software using ransom threats

Posted: 02 Sep 2010 07:37 AM PDT

Fake antivirus programs appear to be adopting some of the money-raising tactics of more threatening ransom malware, security company Fortinet's latest threat report has found.

The most prevalent malware variant during August was TotalSecurity W32/FakeAlert.LU!tr, a malicious program that masquerades as antivirus software in order to sell worthless licenses for non-existent malware. On its own it accounted for 37.3 percent of all malware threats detected by the company during the month.

Unlike standard fake antivirus programs, however, the new version of TotalSecurity takes the ruse a stage further by preventing any applications other than a web browser to run, claiming they are 'infected'. The user is invited to have the infection cleaned by buying the bogus TotalSecurity product.

Adding an extra layer of sophistication to its arsenal – and no doubt aware how quickly bogus antivirus software is blocked by genuine security products – TotalSecurity can now vary the downloads it feeds to target PC using server-side polymorphism. Put another way, the exact version downloaded to a victim's PC will constantly change which makes detection harder.

 "This is a technique typically seen with botnets, such as Waledac, and has been picked up by the developers of TotalSecurity. This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection," said Fortinet's threat research head, Derek Manky.

According to Fortinet, such attacks demonstrate the vulnerability of PC-based antivirus software. A layered defence would have a better chance of detecting TotalSecurity by either intercepting the initial spam used to spread it or by blocking the download website.

Once rare enough to be a curiosity, malware using threats and direct interference with a PC's operation have slowly become more common.

A previous report from Fortinet in March noted a sudden surge in the technique, about a year after the first aggressive use of ransomware in the form of the notorious Vundo Trojan. That particular piece of malware used crude encryption of a victim's files.

In July came news of the odd Krotten Trojan that disables a victim's PC in a variety of ways before asking for a tiny payment to be made to a Ukrainian mobile phone network. Two months before that researchers in Japan discovered the Kenzero porn blackmail Trojan that threatens to post a victim's embarrassing browsing history to a public website.

This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read our FAQ page at fivefilters.org/content-only/faq.php
Five Filters featured article: "Peace Envoy" Blair Gets an Easy Ride in the Independent.

Fake antivirus software uses ransom threats

Posted: 02 Sep 2010 07:21 AM PDT

Fake antivirus programs appear to be adopting some of the money-raising tactics of more threatening ransom malware, security company Fortinet's latest threat report has found.

The most prevalent malware variant during August was TotalSecurity W32/FakeAlert.LU!tr, a malicious program that masquerades as antivirus software in order to sell worthless licenses for non-existent malware. On its own it accounted for 37.3 percent of all malware threats detected by the company during the month.

Unlike standard fake antivirus programs, however, the new version of TotalSecurity takes the ruse a stage further by preventing any applications other than a web browser to run, claiming they are 'infected'. The user is invited to have the infection cleaned by buying the bogus TotalSecurity product.

Adding an extra layer of sophistication to its arsenal – and no doubt aware how quickly bogus antivirus software is blocked by genuine security products – TotalSecurity can now vary the downloads it feeds to target PC using server-side polymorphism. Put another way, the exact version downloaded to a victim's PC will constantly change which makes detection harder.

 "This is a technique typically seen with botnets, such as Waledac, and has been picked up by the developers of TotalSecurity. This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection," said Fortinet's threat research head, Derek Manky.

According to Fortinet, such attacks demonstrate the vulnerability of PC-based antivirus software. A layered defence would have a better chance of detecting TotalSecurity by either intercepting the initial spam used to spread it or by blocking the download website.

Once rare enough to be a curiosity, malware using threats and direct interference with a PC's operation have slowly become more common.

A previous report from Fortinet in March noted a sudden surge in the technique, about a year after the first aggressive use of ransomware in the form of the notorious Vundo Trojan. That particular piece of malware used crude encryption of a victim's files.

In July came news of the odd Krotten Trojan that disables a victim's PC in a variety of ways before asking for a tiny payment to be made to a Ukrainian mobile phone network. Two months before that researchers in Japan discovered the Kenzero porn blackmail Trojan that threatens to post a victim's embarrassing browsing history to a public website.

This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read our FAQ page at fivefilters.org/content-only/faq.php
Five Filters featured article: "Peace Envoy" Blair Gets an Easy Ride in the Independent.

'Freemium' antivirus firm Avast gets funding boost

Posted: 02 Sep 2010 08:26 AM PDT

The security vendor Avast has received a $100 million investment from private equity firm Summit Partners, in exchange for a minority stake in the company.

Avast chief executive Vince Steckler described the $100 million deal on Monday as "a vote of confidence in our disruptive 'freemium' business model," which sees the vendor giving its product--including updates--for free to millions of non-corporate users.

The company's current model is based on providing its antivirus program, which contains similar features to competitors' paid-for offerings, to home users for free. As with rival antivirus firm AVG, this is done in the hope that those customers will then upgrade to a paid-for premium version.

Read more of "'Freemium' antivirus firm Avast gets funding boost" at ZDNet UK.

This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read our FAQ page at fivefilters.org/content-only/faq.php
Five Filters featured article: "Peace Envoy" Blair Gets an Easy Ride in the Independent.
Posted by at

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)