Creating What Matters

Internet security upate 17 Sep 09

The death of actor Patrick Swayze has led to the detection of related spam that aims to catch out unsuspecting users.

Following the death of the Dirty Dancing and Ghost star, many malicious sites and files have been detected as being active on the web.

McAfee’s Sam Masiello claimed that with ‘another celebrity death’ comes ‘another recycled scareware tactic attempting to lure users to download malware by telling them that their PC is infected with a virus‘.

Masiello said: “Queries for information on the death of the popular actor may lead to news stories that look legitimate when returned in search results. This similar tactic of presenting a window to the user that looks very much like a legitimate Windows popup has been used many times before in various forms.

“Clearly scareware tactics are something that cybercriminals have latched onto as a popular method for malware distribution as it continues to be a recurring and evolving theme. Conficker/Downadup largely popularised scareware with its success (although it wasn’t the first to use it) and now others are riding on that popularity to re-purpose it for their own scams.”

Graham Cluley, senior technology consultant at Sophos, said: “Although the entertainment world mourns his loss, heartless hackers are taking advantage of the hot news story by creating malicious web pages that lead to fake anti-virus alerts.

“The tactic used by the cybercriminals on this occasion is the same as the one we saw after the death of Natasha Richardson and when they exploited interest amongst the public in the anniversary of the 9/11 terrorist attack last week.

“Clearly the cybercriminals are no slackers when it comes to jumping on a trending internet topic, and are more professional than ever before in spreading their fake anti-virus scams. The question is – are you being equally expert in keeping your security up-to-date and your wits about you when you surf the net?”

F-Secure’s Chu Kian further claimed that a malicious link is appearing on Google searches for Swayze’s funeral. Kian said: “Folks may think that they need to click on the ‘video’ to enable video streaming. Actually, it’s an image and clicking on it takes the user to another website that promises another video, and clicking on this video ends up with the victim unintentionally downloading a rogue anti-virus.

“Incidentally, on the first website the bottom video is an actual YouTube video that’s completely unrelated to the funeral and is not linked to malware.”

We recommend AVG’s LinkScanner programme which comes as part of it’s internet security suite and in our experience picks up this sort of thing all the time.

full article

Internet Security is not a luxury

Over the weekend, several people noticed attacks originating from a malicious ad placed at nytimes.com. Viewers were redirected to what we call a fake, or rogue antispy page, where the webpage pretends to scan your computer, and then tries to convince you to install some nifty antivirus program to clean it up-oh-but-you-have-to-register-first-put-your-credit-card-here-mr-victim. Nothing new there… it’s the most common thing we see everyday.

Being heavily involved in Internet Security we’ve been watching this particular style of rogue attack since about March, and just happened to have them under the microscope over the weekend, and here’s the interesting thing… normally, we see 10-15,000 such detections each day, but from about last Thursday thru Sunday, it spiked to 160-170,000 per day. It dropped off today to about 20,000.

The attacks seemed to come from two main types of lures, with the first being advertisments, including the fake one on nytimes, and lots of Flash banner ads, and the second being searches for “newsie” events like Kanye and Taylor, and Patrick Swayze, and Serena Williams.

It’s ever so impressive how quickly they not only react, but also point the news search results at their hijacked lure machines. In other words, not only are they quick to react to something news worthy, but they are somehow able to get their hijacked machines right up to the top of the google and bing searches. These guys are flat-out clever.

In summary, not only was there a huge spike in activity by this particular group (or groups), but they quickly were able to manipulate the search engines.

It goes without saying that LinkScanner is able to detect and block these attacks, but it’s a dangerous Web folks. Linkscanner is an integral part of AVG Internet security.