Web Hosting News

  Home arrow Web Hosting News arrow Page 2 - Fake Security is Big Business
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WEB HOSTING NEWS

Fake Security is Big Business
By: Bruce Coker
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 1
    2009-06-03

    Table of Contents:
  • Fake Security is Big Business
  • Nasty Redirection
  • Self-protection
  • More self-protection

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     

    SEARCH WEB HOSTERS

    TOOLS YOU CAN USE

    advertisement

    Fake Security is Big Business - Nasty Redirection


    (Page 2 of 4 )

    Even industry giants and government organizations have not remained untouched by the scareware stories. In December 2008, Gary Warner, University of Alabama's director of research in computer forensics, reported in his blog that redirection links to fake antivirus software vendor sites have exploited a number of major domains, including both microsoft.com and irs.gov.

    Warner’s blog makes for interesting – if disturbing – reading. He describes the redirect scam at length, explaining how fake redirection URLs from these domains have been listed in Google as a result of being posted in many thousands of blog comments sections and guest books. These links appear entirely legitimate, but any user who clicks on one is shown a false malware infection warning which leads to a fake system scan and, eventually, the opportunity to purchase the “System Security” application for $51.45. Whether or not the "product" is purchased, a key logger is installed on the system, which is potentially a serious threat in its own right.

    An especially insidious aspect of the redirect scam was the fact that it was almost impossible to identify the threat until it had actually been launched. The compromised links appeared in Google in response to legitimate search terms such as "Microsoft office 2002 download," and once they were clicked, it was too late. To its credit, Microsoft has responded quickly to these reports, closing the abused open redirector and implementing its own redirects to safe pages. Nonetheless, the swiftness and relative ease with which scammers have been able to execute such exploits has sounded alarms throughout the industry.  

    Compromised sites masquerading as legitimate ones is likely to be an increasingly popular trend as fake security scams grow in sophistication. News organization CNN was the target of one such incident in January 2009, when emails about the Gaza conflict began circulating that appeared to originate from its newsroom. These mails contained a link to an exact replica of a page containing a video of the conflict on CNN’s own web site.

    The fake site contained hundreds of links which all resolved properly to the CNN site. All except for two: clicking either the embedded video or a link to the Adobe Media Player resulted in malware downloads.

    Once again the most alarming aspect of this is how difficult it is to detect, even for the experienced and careful user. A web where every link on every site must be examined for potential hazards will rapidly become unusable, but with such imitations becoming ever more convincing, that seems to be the way things are heading at present.

    More Web Hosting News Articles
    More By Bruce Coker

    WEB HOSTING NEWS ARTICLES

    - FreedomPop Offering Open Wi-Fi Service
    - Go Daddy Goes to India
    - Netelligent, Savvis Add New Canadian Web Hos...
    - World IPv6 Launch Happens Today
    - IT Teams Struggle to Keep Pace with Malware
    - Lulz Security Hacks CIA, Takes Requests
    - Apple Unveils iCloud
    - Rackspace Introduces Cloud Load Balancers
    - Amazon Offers Cloud Drive, Disses Music Indu...
    - New Android.Pjapps Trojan
    - Copyright Fight over Hurt Locker Downloads I...
    - Data Reveals Many Browsers Remain Unpatched
    - PandaLabs Report - What Happens to Stolen In...
    - Safari Books Online Review
    - Hackers Targeting Human Rights Groups

    Developer Shed Affiliates

     




    © 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap