Last week, I pointed out that not all computer security issues are Windows-specific problems – popular programs and file formats (Adobe Reader and Flash in the example) have started to become a more and more common point of attack on computer systems. In this column, we’ll look into how fake anti-virus schemes make use of social engineering to compromise computers and bilk consumers of money and personal information.
Social engineering schemes have always been popular means of compromising computers and defrauding people generally.
Social engineering schemes encompass all the ways scammers and hackers trick computer users into installing Trojans. A Trojan is simply an infected program or file that the user allows onto their system, thinking it is something they actually want (a music or video file, or a program, for example) while it hides an unwanted payload. The schemes may also induce the user to divulge credit card and personal information that can be put to further fraudulent use – making you pay to be taken more than one way!
Viruses and worms take advantage of vulnerabilities in the operating system or programs to infect computers and spread themselves; Trojans rely on tricking the user into allowing them onto their computer and running the hidden malware.
Fake anti-virus (AV) and system protection software, AKA scareware, is a particularly devious example of social engineering. It seeks to take advantage of people’s fears of having their computer and personal information compromised by hackers and fraudsters, to do exactly that.
Thus far, scareware schemes seem to exclusively target Windows users, but there is nothing inherent in Windows that drives that, simply the fact that Windows represents the broadest possible audience of potential victims. Social engineering schemes very often go for quantity over quality: they don’t need a high response rate if they can hit enough people.
The Nigerian Letter Scam and its variants, for example, have been around since at least the early 1980s and still find victims today, despite having become a cultural meme.
Ars Technica, a tech news website, reported nearly a year ago that 30 million people globally may have fallen victim to fake anti-virus software scams, based on research by security vendor Panda Labs. Over 7,000 fake-AV schemes have been identified, with more emerging daily.
Fake AV schemes use a variety of methods to induce fear in computer users, and attempt to drive the user to purchase their “protection” package to prevent a potential or threatened infection. Even legitimate websites, such as Fox News and MSN, have been tricked into placing ads for scareware products on their websites, so just because the supposed AV product appears to be advertised by a popular and legitimate site doesn’t mean you should take its claims at face value.
Particularly insidious is that many Fake AV products, once installed, will prevent legitimate antivirus programs and system tools from running, and block websites with information, updates, and tools that might help remove the bad product.
Sorting Out the Bad Apples:
Scareware ads will typically play up a [supposed] new and particularly nasty threat (while legit AV vendors tend to trade more on their own brand name). Like legit AV, scareware ads often include logos of well-known technology sites and reviewers, such as CNET, ZDNet, PC Magazine, and Microsoft Certified Partner, but the logos are non-clickable – they don’t take you to the review or the website shown, or they open up a page that looks like that site but has a different URL.
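The badge check described above can be automated. The following is an added example, not part of the original column: it parses an ad's HTML and flags review-site logos that are either not links at all or link to a host outside the brand's own domain. The brand-to-domain table, the function names and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed mapping of badge brand -> the brand's own domain (illustrative list).
BRAND_DOMAINS = {"cnet": "cnet.com", "zdnet": "zdnet.com",
                 "pc magazine": "pcmag.com", "microsoft": "microsoft.com"}

def classify(href, domain):
    if not href:
        return "not-clickable"          # logo is a bare image, no link at all
    host = (urlsplit(href).hostname or "").lower()
    # Exact match or a true subdomain; "zdnet.com.reviews.example" must not pass.
    if host == domain or host.endswith("." + domain):
        return "ok"
    return "wrong-domain"               # look-alike page on a different URL

class BadgeAuditor(HTMLParser):
    """Record each brand-logo <img> and the href of the <a> wrapping it, if any."""
    def __init__(self):
        super().__init__()
        self.href_stack = []            # hrefs of currently open <a> elements
        self.findings = []              # (brand, verdict, href)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.href_stack.append(attrs.get("href") or "")
        elif tag == "img":
            alt = (attrs.get("alt") or "").lower()
            href = self.href_stack[-1] if self.href_stack else None
            for brand, domain in BRAND_DOMAINS.items():
                if brand in alt:
                    self.findings.append((brand, classify(href, domain), href))

    def handle_endtag(self, tag):
        if tag == "a" and self.href_stack:
            self.href_stack.pop()

def audit(html):
    parser = BadgeAuditor()
    parser.feed(html)
    return parser.findings

# Constructed sample ad markup (not taken from any real page).
SAMPLE = """
<img src="b1.png" alt="CNET Editors' Choice">
<a href="http://zdnet.com.reviews.example/award"><img src="b2.png" alt="ZDNet 5 stars"></a>
<a href="https://www.pcmag.com/reviews/x"><img src="b3.png" alt="PC Magazine review"></a>
"""
print(audit(SAMPLE))
```

A badge that passes this check only proves the link goes to the real site; whether that site actually reviewed the product still has to be confirmed on the linked page.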
Scareware ads often feature performance charts, showing how their “product”, which you’ve likely never heard of before (but which often has a name that sounds similar to legit products) outperforms other well-known AV products; the comparison charts are so common, and generic, that legit security vendors tend to avoid them because they are so thoroughly associated with fake AV.
Pop-up ads that appear to be real-time security or virus-scan notices are also common, trying to induce the user to make an immediate purchase or download to fix the supposed threat (Warning! Virus threat has been detected! Malicious software has been found on your computer! Impending system failure and invasion by barbarian hordes is imminent!! Exclamation!!!).
On my own website (infotrek.ca, link below) I’ve shown an example, where what appears to be a Windows XP Security Center notice, superimposed on a “My Computer” window with lots of alarming warnings, was generated when I visited a particular website (I was looking for just such an example of scareware pop-ups).
This was rather laughable, since it was showing up on the screen of my Mac, not a Windows PC. However, Windows users might be taken in by such a pop-up, although the fact the buttons and icons are not clickable is a giveaway – clicking anywhere in the window takes you to a site where they offer to sell you their “solution” to the “problem”.
There are a number of legitimate online virus scanners (which work via ActiveX or Java plug-ins in your web browser); it is unlikely you will arrive at one by accident, and you generally have to click through several pages and authorizations to access one. They don’t just pop up on your screen.
The second page of the ZDNet blog listed below lists legitimate online scanners, all associated with major anti-virus vendors. As well, the links to ccssforum.org and virustotal.com below list legitimate AV software vendors and link to their sites – any other link or ad in a web page or email should be treated as suspect.
There are a number of perfectly good free anti-virus programs, as well as adware and firewall software, available on the internet (generally free only to home users, not business users). But if you aren’t confident assembling your own security suite from different free programs, buying an AV/security suite CD at a retail store or online beats the cost and inconvenience of lost data, to say nothing of the danger of fraud losses that might ensue from using your credit card and personal info to purchase phony AV software online, allowing who-knows-what onto your computer and giving who-knows-who access to your credit and personal information.
http://arstechnica.com/security/news/2008/10/report-fake-antivirus-programs-claim-30-million-victims.ars
http://infotrek.ca/Security_tips_InfoTrek.htm
http://infotrek.ca/Fake_AV_sample.htm
http://blogs.zdnet.com/security/?p=4297&tag=nl.e589
http://www.ccssforum.org/trusted-vendors.php
http://www.virustotal.com/sobre.html