Scareware, which is another term for fake antivirus software, is a form of malware that attempts to scare or threaten victims into downloading software that has either little or no benefit. It does this by providing warnings that encourage users to clean their infected computers with phony software downloads. Although scareware usually makes appearances via pop-ups or banners on websites, researchers at Kaspersky recently found it associated with the ICQ instant messaging tool.
ICQ is a commonly used instant messaging program that is popular across the globe, particularly in Eastern Europe and Russia. In the recent detection of scareware by Kaspersky, an innocent-looking ad would appear in ICQ for Charlotte Russe, a popular store known for carrying women's fashion. If a user clicked on the Charlotte Russe ad, they would be instantly sent to the company's website.
While that action appeared legitimate and harmless, a new browser pop-up would appear simultaneously with the Charlotte Russe ad. The pop-up was for Antivirus 8, a fake antivirus program. In an attempt to scare the user into downloading it, the scareware stated that suspicious activity was detected on the system. If the user downloaded the program, their computer would be infected with phony Antivirus 8 software that is essentially worthless.
Scareware is not a new malware concept, but this particular instance of it is peculiar in several ways. Perhaps the most interesting aspect of Antivirus 8 is that it appears even when the user is not actively using the computer: the scareware shows up when ICQ is retrieving and displaying new ads. By contrast, scareware usually appears when a user clicks on a malicious link in search results or through other online avenues. Another peculiar characteristic of Antivirus 8 is that it does not have an embedded exploit. It still attempts to get users to download it onto their machines, however, which could lead some to believe that it is being spread on a trial basis.
Also of interest is the way in which the hackers behind Antivirus 8 pretended to be the Charlotte Russe store. After some investigation, Kaspersky found that none of the phony ads' servers were actually related to Charlotte Russe. In other words, the hackers went through a lot of trouble to get their phony ads approved by yieldmanager, which is the ad distributor. Getting such approval is not an easy task, which means that those behind the attacks likely have a high level of sophistication and know-how. Roel Schouwenberg, an expert with Kaspersky, stated, “They put in quite a lot of effort to seem legitimate. Attacking yieldmanager successfully and having fake anti-virus in the ICQ ads...is something that is very high level and hard to achieve.”
Schouwenberg believes that two separate bands of cybercriminals could be responsible for the ICQ attacks. One band could have developed the fake antivirus software, while the other handled the process of getting the ads approved by yieldmanager. Kaspersky notified yieldmanager of the issue in the hope of getting it fixed before it spreads even further.
For more on this topic, visit http://news.cnet.com/8301-27080_3-20029525-245.html?tag=cnetRiver
More By wubayou