Rogue Internet Security Scammers Costing Consumers Big Bucks - The Business of Scamming
It's sad to report, but those who create these "social engineering tricks" are raking in the money and have essentially created a big business out of being dishonest and deceitful. According to a Symantec report issued last year, it should come as no surprise that the fake security software industry is so hugely successful. During the 12 months from July 1, 2008 to June 30, 2009, more than 250 different phony programs tried to get onto more than 43 million machines worldwide.
As Symantec pointed out, however, the strategies being employed aren't new. More than two months ago, Microsoft's Malware Protection Center sent out a warning making users aware that antivirus scammers were successfully putting out bogus alerts in Internet Explorer, Chrome, and Firefox.
Microsoft wrote that the "similarities between the fake warning pages and the real things is so accurate that it can trick even highly trained eyes."
The Phoenix Exploit Kit
According to Vashishtha, if a savvier Internet user does not download the misleading application, then these websites will redirect the user to a website that further redirects them to another malicious website that is hosting the now infamous Phoenix exploit kit.
Just in case you haven't heard of it, this is how Vashishtha describes the kit:
- IE MDAC
- IE iepeers
- IE SnapShot Viewer ActiveX
- Adobe Reader and Flash - PDF Collab / printf / getIcon / NewPlayer/LibTiff
- Java - HsbParser.getSoundBank and JRE
- Windows Help Center (HCP)
These exploit kits are used to deliver malware after exploiting a vulnerability, mostly those affecting Web browsers. If users don't somehow fall victim to this latest browser update trick, then the attackers have the fallback of delivering misleading applications through these exploit kits."
Vashishtha encourages users not to click on unverified hyperlinks. Instead, he recommends Norton Safe Web to verify links before clicking on them. Vashishtha also suggests only downloading updates from legitimate vendor websites.
Anywhere at Any Time
Internet users should know that they can encounter these scareware peddlers anywhere online at any time. Even some of the safest websites have been hit. For example, scareware peddlers have pushed their ads on legitimate ad networks like The New York Times, which was recently duped into running rogue antivirus ads by a scammer pretending to work for Vonage.
According to The IC3, "Sometimes the scammers simply hack into Web sites and use attack code to put their software on the victim's computer," but that's not all they're capable of. You've got to keep in mind that these scammers are incredibly savvy and on top of the latest technology. So much so, in fact, that last month webcams sold by Office Depot were found to contain links to a hacked site that tried to download a rogue antivirus. The IC3 suggests that users who see these unexpected antivirus pop-up warnings should "shut down their browsers or their computers immediately and then run an antivirus scan to see what's going on."
Prevention for Windows Users
The rogue antivirus software we've been discussing has been hitting Windows users particularly hard, which is why Device Magazine recently shared how the Windows Management Instrumentation Tester can help users identify any rogue malware or anti-virus programs attempting to slow down their machines.
Before installing any antivirus programs, the folks over at Device recommend first attempting to search for any malicious applications or Trojan activity.
This how-to, created by Device Magazine, essentially enables an Internet user to manually identify rogue antivirus programs in Windows. Here's how you do it:
- Click Start and hit Run.
- Type in "wbemtest" and then press Enter to open the Windows Management Instrumentation Tester window.
- In the upper right corner you should spot the Connect button; click it.
- In the first text box, where you see "root", type in "root\SecurityCenter" and press Enter.
- This is when you need to click the Query button and type "SELECT * FROM AntiVirusProduct". Once this is done, click on the Apply button.
- This is the section that enables you to see how badly your computer has been affected. If you see more than one result, this means there is more than one antivirus program installed on your computer. If you want to view the properties of the various results, double click on them and you will be shown the properties for that particular antivirus product.
- It is perhaps this last step that is most important for the removal of the harmful software: now you need to identify the malicious product(s) installed on your computer, and one by one, delete any records for a piece of harmful antivirus software (or rogue security program) that were installed.
These seven easy steps will leave a Windows user's computer free of the rogue software that has been costing Americans millions. For similar directions for Chrome or Firefox users, check out the security centers for each browser type.
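The same query as the wbemtest steps above, scripted in PowerShell as an added example (not from Device Magazine or the original article): it lists every registered AntiVirusProduct and reports the Authenticode status of its executable, without deleting anything. It assumes PowerShell 3.0 or later and also checks root\SecurityCenter2, the namespace that Windows Vista SP1 and later use in place of root\SecurityCenter; the function name and output columns are illustrative.

```powershell
# Added example: read-only inventory of products registered with Security Center.
# root\SecurityCenter is the namespace named in the steps (older Windows);
# root\SecurityCenter2 is its replacement on Vista SP1 and later.
$namespaces = 'root/SecurityCenter', 'root/SecurityCenter2'

function Get-RegisteredAntivirus {
    foreach ($ns in $namespaces) {
        try {
            $products = Get-CimInstance -Namespace $ns -ClassName AntiVirusProduct -ErrorAction Stop
        } catch {
            continue   # namespace or class not present on this Windows version
        }
        foreach ($p in $products) {
            # pathToSignedProductExe exists only in SecurityCenter2; it can hold
            # environment variables, surrounding quotes, or a non-file URI.
            $raw = $p.pathToSignedProductExe
            $exe = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw).Trim('"') } else { $null }

            $sig = 'n/a'
            if ($exe -and $exe -notmatch '^[a-z][a-z0-9+.-]*://') {
                if (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue) {
                    # Cast the enum to a string so every row compares the same way.
                    $sig = [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
                } else {
                    $sig = 'FileNotFound'
                }
            }

            [pscustomobject]@{
                Namespace    = $ns
                DisplayName  = $p.displayName
                InstanceGuid = $p.instanceGuid
                Executable   = $exe
                Signature    = $sig
            }
        }
    }
}

$found = @(Get-RegisteredAntivirus)
$found | Format-Table -AutoSize -Wrap

# More than one row means more than one registered product (step 6 above).
# Rows whose executable is missing or not validly signed deserve a look first.
$found | Where-Object { $_.Signature -notin 'Valid', 'n/a' } |
    Format-List DisplayName, Executable, Signature
```

A signature status other than Valid marks an entry to inspect first, not proof that it is rogue. Deleting a WMI record removes only the product's Security Center registration, so the program's own files and startup entries still have to be uninstalled or cleaned by a scanner.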