Fake Security Software
The risks of security software or scareware as it has been dubbed is on the rise. Scareware is fake security products that actually installs malicious software on the computer of an unsuspecting user. It is one of most successful malware scams today and is making millions for criminals.The fake security software acts like real security products and presents a screen that looks like it is scanning for security breaches. If or when the user clicks on the pop up box center screen, it downloads malicious software. It appears the target of the malicious software is the acquisition of personal information, specifically account information such as user names and passwords as well as credit card information.
One of the more prominent pieces of scareware is said to come from antivirus-quickscan.com that is operated from Russia and others sources are emerging.Another tactic being used by the criminals focuses on emails about security.
The criminals mimic e-mail messages sent routinely by Microsoft to their security
communications subscribers covering security software release information
or a specific security incident. The fake security communications appears
to be from Microsoft but is not and contain malicious links, scripts and other
These tactics may not be new ones, but they are growing more and more popular
as the cyber criminals and others are pushing the boundaries of tradecraft
trickery. At this point we estimate there are over 7,500 variants of this type of
scareware and infections are increasing rapidly.
These techniques have been around for a while now, but more and more users
are falling prey to these deceptive practices. Social engineering is one of the
thirty-four cyber attacks vectors. Addressing it is the most difficult problem
faced by security professionals today. Technology alone cannot fix the problem.
A recent study by the Psychology Department of North Carolina State
University revealed that most Internet users don't exercise much caution when
presented with fake dialog boxes and pop-up windows with obvious warning
signs of malware. Security awareness training for all end users is a start, but it
must be reinforced regularly through an internal communications campaign.
These campaigns typically include physical posters, pop-up messages during
user log-in, posts in the company news letter and so on. Get the word out