Web Hosting Security


Scareware in ICQ Ads
By: wubayou
    2011-01-31

    Scareware, which is another term for fake antivirus software, is a form of malware that attempts to scare or threaten victims into downloading software that has either little or no benefit. It does this by providing warnings that encourage users to clean their infected computers with phony software downloads. Although scareware usually makes appearances via pop-ups or banners on websites, researchers at Kaspersky recently found it associated with the ICQ instant messaging tool.

    ICQ is a commonly used instant messaging program that is popular across the globe, particularly in Eastern Europe and Russia. In the recent detection of scareware by Kaspersky, an innocent-looking ad would appear in ICQ for Charlotte Russe, a popular store known for carrying women's fashion. If a user clicked on the Charlotte Russe ad, they would be instantly sent to the company's website. 

    While that action appeared legitimate and harmless, a new browser pop-up would appear simultaneously with the Charlotte Russe ad. The pop-up was for Antivirus 8, a fake antivirus program. In an attempt to scare the user into downloading it, the scareware stated that suspicious activity was detected on the system. If the user downloaded the program, their computer would be infected with phony Antivirus 8 software that is essentially worthless.

    Scareware is not new to the online landscape, but this particular instance is peculiar in several ways. Perhaps the most interesting aspect of Antivirus 8 is that it appears even when the user is not actively using the computer: the scareware shows up when ICQ is retrieving and displaying new ads, whereas scareware usually appears when a user clicks on a malicious link in search results or through other online avenues. Another peculiar characteristic of Antivirus 8 is that it does not have an embedded exploit. It does attempt to get users to download it onto their machines, however, which could lead some to believe that it is being spread on a trial basis.

    Also of interest is the way in which the hackers behind Antivirus 8 pretended to be the Charlotte Russe store. After some investigation, Kaspersky found that none of the phony ads' servers were actually related to Charlotte Russe. In other words, the hackers went through a lot of trouble to get their phony ads approved by yieldmanager, which is the ad distributor. Getting such approval is not an easy task, which means that those behind the attacks likely have a high level of sophistication and know-how. Roel Schouwenberg, an expert with Kaspersky, stated, “They put in quite a lot of effort to seem legitimate. Attacking yieldmanager successfully and having fake anti-virus in the ICQ ads...is something that is very high level and hard to achieve.”

    Schouwenberg believes that two separate bands of cybercriminals could be responsible for the ICQ attacks. One band could have developed the fake antivirus software, while the other handled the process of getting the ads approved by yieldmanager. Kaspersky notified yieldmanager of the issue in the hope of getting it fixed before it spread even further.

    For more on this topic, visit http://news.cnet.com/8301-27080_3-20029525-245.html?tag=cnetRiver


    © 2003-2017 by Developer Shed. All rights reserved.