Fake Security is Big Business - Nasty Redirection
(Page 2 of 4)
Even industry giants and government organizations have not remained untouched by the scareware stories. In December 2008, Gary Warner, University of Alabama's director of research in computer forensics, reported in his blog that redirection links to fake antivirus software vendor sites have exploited a number of major domains, including both microsoft.com and irs.gov.
Warner’s blog makes for interesting – if disturbing – reading. He describes the redirect scam at length, explaining how fake redirection URLs from these domains have been listed in Google as a result of being posted in many thousands of blog comments sections and guest books. These links appear entirely legitimate, but any user who clicks on one is shown a false malware infection warning which leads to a fake system scan and, eventually, the opportunity to purchase the “System Security” application for $51.45. Whether or not the "product" is purchased, a key logger is installed on the system, which is potentially a serious threat in its own right.
An especially insidious aspect of the redirect scam was the fact that it was almost impossible to identify the threat until it had actually been launched. The compromised links appeared in Google in response to legitimate search terms such as "Microsoft office 2002 download," and once they were clicked, it was too late. To its credit, Microsoft has responded quickly to these reports, closing the abused open redirector and implementing its own redirects to safe pages. Nonetheless, the swiftness and relative ease with which scammers have been able to execute such exploits have sounded alarms throughout the industry.
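One way a site can close an open redirector of the kind described above and send everything else to a safe page, shown as an added example (not code from the article or from Microsoft). The host names, fallback URL and function name are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration; not taken from the article.
ALLOWED_HOSTS = {"www.example.com", "downloads.example.com"}
SAFE_FALLBACK = "https://www.example.com/"


def resolve_redirect(target: str) -> str:
    """Return the target if it stays on an allowlisted host, else the safe page."""
    if not target:
        return SAFE_FALLBACK
    # Browsers treat "\" like "/" and drop whitespace and control characters,
    # so a value containing them may parse differently here than in the browser.
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return SAFE_FALLBACK
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return SAFE_FALLBACK
    # Site-relative path: exactly one leading slash, no scheme and no host.
    if not parts.scheme and not parts.netloc:
        if target.startswith("/") and not target.startswith("//"):
            return target
        return SAFE_FALLBACK
    # Absolute URL: HTTPS only. This also rejects "//host/..." (empty scheme)
    # and non-web schemes such as "javascript:".
    if parts.scheme != "https":
        return SAFE_FALLBACK
    # "https://trusted-host@other-host/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return SAFE_FALLBACK
    host = (parts.hostname or "").lower()
    # Exact host match only: a suffix or substring test would accept
    # "www.example.com.other-host.test".
    if host in ALLOWED_HOSTS and port in (None, 443):
        return target
    return SAFE_FALLBACK
```

Logging every request that ends up at the fallback gives the site owner an early signal that the redirector is being probed or advertised in spam links.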
Compromised sites masquerading as legitimate ones are likely to become an increasingly popular trend as fake security scams grow in sophistication. News organization CNN was the target of one such incident in January 2009, when emails about the Gaza conflict began circulating that appeared to originate from its newsroom. These emails contained a link to an exact replica of a page containing a video of the conflict on CNN’s own web site.
The fake site contained hundreds of links which all resolved properly to the CNN site. All except for two: clicking either the embedded video or a link to the Adobe Media Player resulted in malware downloads.
Once again the most alarming aspect of this is how difficult it is to detect, even for the experienced and careful user. A web where every link on every site must be examined for potential hazards will rapidly become unusable, but with such imitations becoming ever more convincing, that seems to be the way things are heading at present.
More By Bruce Coker