Security

Fake AV & Talking With The Enemy

Published: February 12, 2010 Reading Time: 2 min

Fake antivirus software (a.k.a. misleading applications or rogue antivirus) is big business nowadays, with Symantec reporting 43 million installation attempts from over 250 distinct programs between July 1, 2008, and June 30, 2009. With fake AV software costing the victim anywhere from $30 to $100, this is a lucrative earner for criminals. Over time Symantec has observed various social engineering tactics being used to try to entice victims to hand over their money in this scam. The fake antivirus software known as Live PC Care has now gone as far as offering live online support to potential victims. Once a victim has installed Live PC Care onto their system via a system exploit or social engineering tactics, they are presented with the screen below falsely informing them that their system is riddled with viruses. Any suspicious computer user might wonder what this software is and where exactly it came from. To alleviate doubt and to aid with the whole scam, the designers of Live PC Care have added a yellow online support button in the top, right-hand corner of the fake AV software. ...


New Rogue: Advanced Defender

Published: February 12, 2010 Reading Time: 1 min

Advanced Defender is fake security software that tricks people into thinking it’s legitimate antispyware software in hopes they will pay for the product. Advanced Defender is a potentially dangerous and extremely frustrating PC infection that should be removed immediately. If Advanced Defender has infected your computer, you may notice the following symptoms:

- System scans that report numerous infections, yet require purchase of Advanced Defender before it will remove the infections (these are fictitious scan results)
- Alerts and pop-up system warnings stating the PC is infected and recommending purchase of Advanced Defender (these warnings are fake)
- Web browser redirecting to random websites (these websites are owned by cyber thieves and will further infect your PC)
- Advanced Defender will prevent other programs from opening, stating they are infected (the programs are not infected)


A Perfect Valentine’s Day

Published: February 12, 2010 Reading Time: 3 min

Planning a romantic Valentine’s Day for your loved one? Is there no end to all that you can do to add even more sparkle to this dreamy day? Perhaps a bottle of wine, flowers, or a lovely gift to impress him/her—and if you aren’t with anyone, there are even dating services available that provide you with options to meet a date. As Dermot Harnett mentioned in A Brilliant Proposal: Stay Away from Valentine’s Day Spam!, for spammers, Valentine’s Day is a great target. We’ve observed several spam email message styles related to this upcoming event: gift options, flower delivery, dating services, med spam to spice up your relationship, and much more. Here are some common header lines that Symantec has tracked relating to Valentine’s Day: ...


Take Care Before Valentine: Cupid Struck

Published: February 11, 2010 Reading Time: 1 min

It’s just a few more days before Valentine’s Day. As most people now are already preparing their celebration, malware authors are also getting ready to use this popular event to target users with their malicious intent. Here’s one example of a malicious file (2077ed17f0ad92dafb8fb7601570e06580e4b7f1) we’ve seen recently: Upon execution, it drops the following picture file greeting: Note: It seems that the malware writers are using valid images from legitimate Web sites. ...


Rogue trying to look like Avira anti-virus

Published: February 11, 2010 Reading Time: 1 min

Jerome Segura at ParetoLogic blogged about this yesterday: a rogue security product with a web page that tries to imitate that of the German AV company Avira (check out the red umbrella and the type face.) Hmmm. If this company has been providing “20 Years of Total Protection” how come its web site was just registered last year and why was it registered by a proxy service? The fake: ...


Security chip that does encryption in PCs hacked

Published: February 11, 2010 Reading Time: 5 min

SAN FRANCISCO – Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks. The attack can force heavily secured computers to spill documents that likely were presumed to be safe. This discovery shows one way that spies and other richly financed attackers can acquire military and trade secrets, and comes as worries about state-sponsored computer espionage intensify, underscored by recent hacking attacks on Google Inc. ...


New Rogue: SafePcAV

Published: February 8, 2010 Reading Time: 1 min

The creators behind the rogue antispyware application WiniGuard have released yet another clone of their software. This one is called SafePcAV. SafePcAV spreads by showing fake online scanners. Once installed, it will show hundreds of false infections. To remove these infections, it requires the user to pay for and license the software. If your computer is infected with this, you must remove it soon. Click here to learn how to remove it.


Phishing Using Pornographic Content as Bait

Published: February 8, 2010 Reading Time: 2 min

Symantec has observed a new trend in phishing in which the phishing Web page contains pornographic content. The phishing site states that the end user can obtain free pornography after logging in or signing up. These offers tempt users into entering their credentials in the hopes of obtaining pornography. The attackers use several offers of pornography as bait. Some of the offers are adult chat, social networking with adult personals for sexual favors, blogs with free pornography, and so on. The screenshot below is an example of a phishing website using a leading information services brand. The site states that they provide email alerts for sex parties: ...


Phony Firefox update comes with Hotbar adware

Published: February 7, 2010 Reading Time: 2 min

Our good friends at Broomfield, Colo., security firm eSoft have found an interesting scam to trick Internet users into installing the Hotbar adware: a fake Firefox download site. The eSoft researchers are theorizing that an affiliate of Pinball Publisher Network (PPN) is responsible. Pinball bought the Zango assets after that pestilent operation failed last spring. However, Sunbelt Software Spyware Research Manager Eric Howes did some more digging and found that PPN offers the download file on a site they own so affiliates can send victims there for downloads. ...


New IE Information Disclosure Advisory…

Published: February 7, 2010 Reading Time: 1 min

Microsoft has announced in Advisory (980088) that there has been a publicly disclosed vulnerability in Internet Explorer, versions 5 through 8. Users not running Internet Explorer in Protected Mode are at risk of having information, in files with predictable names, accessed by attackers. This vulnerability cannot be exploited to execute remote code or used for a denial-of-service attack. The largest group of users at risk are Windows XP users running IE without Protected Mode enabled. Internet Explorer on Vista and Windows 7 has Protected Mode enabled by default. ...
