The old dogs are still in learning mode

Norman Security Blog wrote a good article about Fake AVs and their new variants and how to protect ourselves, Credit to my friend, Pondus, for sharing this: Background Fake antimalware has become a profitable industry for the cybercriminals. New variants appear on a daily basis, and new techniques for tricking the users are fine-tuned. A few weeks ago we wrote in our security article – Cybercriminals focus on new targets – about fake antimalware for Apple’s Mac OS X operating system. In its security update 2011-003 for Mac OS X, available 31 May, Apple enhanced considerably its protection against malware. This includes the ability to automatically download new malware signatures, similar to the functionality found in standard antimalware tools. This signifies that Apple now regards its Mac OS X platform as a serious target for cybercriminals. ...

June 4, 2011 Â· 3 min Â· 560 words Â· Omid Farhang

Fake Trojan Removal Kit serves up ThinkPoint Rogue

You might want to steer clear of the following fake security program, being promoted as a “Windows Trojan Removal Kit” but actually hijacking your PC in the form of the ThinkPoint rogue with a mixed (24/43) detection rate. The file is currently being offered up by your typical “fake security scan” pages, such as microsoftwindowssecurity152(dot)com. Those familiar with this particular rogue will be aware that it tends to stick with domains similar to the one above. ...

November 30, 2010 Â· 1 min Â· 133 words Â· Omid Farhang

Can you really see who viewed your Facebook profile? Rogue application spreads virally

SophosLab: Once again, a rogue application is spreading virally between Facebook users pretending to offer you a way of seeing who has viewed your profile. As we’ve described a couple of times before, plenty of Facebook users would *love* to know who has been checking them out online.. but unfortunately scammers are aware of this, and use the lure of such functionality as a way to trick you into making bad decisions. ...

November 28, 2010 Â· 3 min Â· 449 words Â· Omid Farhang

Facebook Dislike button scam spreads virally

Have you seen a message like this on Facebook? I just got the Dislike button, so now I can dislike all of your dumb posts lol!! If so, don’t click on the link. It’s the latest survey scam spreading virally across Facebook, using the tried-and-tested formula used in the past by other viral scams including “Justin Bieber trying to flirt”, “Student attacked his teacher and nearly killed him”, “the biggest and scariest snake” and the “world’s worst McDonald’s customer”. ...

August 16, 2010 Â· 2 min Â· 352 words Â· Omid Farhang

What’s in a (rogue) name? VirusTotal 2010

There is a well-respected and very useful site that everyone in the anti-virus industry uses – sometimes several times a day: Virus Total. You can upload suspicious files or their check sums to Virus Total to see if a file is malicious. The makers of a new rogue have picked up on the Virus Total name in an effort to make their malicious creation look like something legitimate: ...

August 13, 2010 Â· 1 min Â· 135 words Â· Omid Farhang

Google: 11,000 domains carrying rogue security products

Niels Provos of the Google Security Team has blogged about the rise of malicious web sites carrying rogue security products, which the Google team calls “Fake AV.” Google has been engaged in a constant battle against the sites because the operators who peddle them have been refining their techniques for poisoning Google search engine results in order to victimize Google users by drawing them to malicious download sites. He wrote: “we conducted an in-depth analysis of the prevalence of Fake AV over the course of the last 13 months, and the research paper containing our findings, ‘The Nocebo Effect on the Web: An Analysis of Fake AV distribution’ is going to be presented at the Workshop on Large-Scale Exploits and Emergent Threats (LEET) in San Jose, CA on April 27th.” ...

April 17, 2010 Â· 2 min Â· 261 words Â· Omid Farhang

Arrests on the Rise

Lots of little newsworthy updates recently . . . they’ve been well-covered elsewhere, but we wanted to make sure our readers saw them as well. Russia: Safe Haven no more? One of the constant complaints that we hear is “the criminal is probably in Russia”, as an excuse for why a case is not worth investigating. Back on November 11, 2009, we posted a story The $9 Million World-wide Bank Robbery, where VIKTOR PLESHCHUK, 28, of St. Petersburg, Russia; SERGEI TƠURIKOV, 25, of Tallinn, Estonia; and OLEG COVELIN, 28, of ChiƟinău, Moldova were charged with leading the robbery, which actually occurred in 2008. This week the Financial Times has revealed that Viktor Pleshchuk was arrested by the FSB. Their story leads with: ...

April 3, 2010 Â· 3 min Â· 430 words Â· Omid Farhang

Jon and Kate Plus Eight 
 plus fake codecs

One our researchers was reading the comments about Dancing With The Stars, and Kate Gosselin’s performance (He’s a huge fan 
 don’t ask), when he noticed a link to a URL shortening service. Given that it was advertising a video of Kate Gosselin topless, he astutely realised that was a bit suspicious, and checked it out inside a nice, safe virtual pc. Indeed, the shortening service immediately transferred to a website showing a picture of Kate at the beach
 ...

April 3, 2010 Â· 2 min Â· 281 words Â· Omid Farhang

Back to Basics with Fake AV

We’ve been seeing Fake AV programs getting more convincing for a while now. Some of the tricks employed by the guys behind these rogue programs include Windows-7-style fake scanners, in-browser “scanners”, and program features that ape other aspects of the operating system. Yesterday, though, we came across a misleading application called AntiVirusDemoFraud that is—how to say?—possibly a little less sophisticated than some in terms of user interface design. ...

March 30, 2010 Â· 1 min Â· 130 words Â· Omid Farhang

Facebook AV

Does a Facebook-specific antivirus application sound like a good idea? Maybe not. One of our analysts saw this particular application claiming to be an antivirus wreak havoc on his Friends list. Of course, there is no such thing. Once installed on one Friend’s account, this application tags 20 Friend into a picture such as the one below: If a Friend looking through the photos then clicks on the app’s (apparently randomly generated) link, they’ll see this: ...

March 30, 2010 Â· 1 min Â· 142 words Â· Omid Farhang