|
Vulnerability Management Buyer's Checklist Download here |
New Fake Antivirus Attack Holds Victim's System Hostage
Attack forces user to purchase phony antivirus package to free computerOct 15, 2009 | 02:42 PM
By Kelly Jackson HigginsDarkReading
Attackers have added a new twist to spreading fake antivirus software: holding a victim's applications for ransom.
Researchers discovered a Trojan attack that basically freezes a user's system unless he purchases the rogueware, which goes for about $79.99. The Adware/TotalSecurity2009 rogueware attack doesn't just send fake popup security warnings -- it takes over the machine and renders all of its applications useless, except for Internet Explorer, which it uses to receive payment from the victim for the fake antivirus. "The system is completely crippled," says Sean-Paul Correll, threat researcher and security evangelist for PandaLabs, which found the new attack.
Correll says when the rogueware detects any application on the machine starting to execute, it then shuts down the application. "This happens for every file you try to open except IE. The only reason IE works is because that's what's used to allow victims to pay the cybercriminals," he says.
Bad guys have used ransom threats in phishing attacks and distributed denial-of-service (DDoS) attacks, but Correll says this is the first time it has been used to force users to buy rogueware. Rogueware distributors typically prompt the victim with pop-up messages, but the user can bypass the purchasing process by ignoring them or clicking through them.
Adware/TotalSecurity 2009 isn't new rogueware, but the difference is its distributors are using a more aggressive tack to ensure they make money from it. "Users are put into a Catch-22," Correll says. To free their systems, they are pressured into purchasing the package and sending their financial details to the bad guys, he says. Once the transaction is complete, they receive a serial number that releases their apps and files and can recover their information.
The good news is that, so far, this type of attack is relatively rare. And PandaLabs has posted the serial numbers for the malware application so that users can temporarily "unlock" their systems.
Rogueware has been on the rise this year, and its creators are pumping out new versions of the malware in rapid-fire. PandaLabs found 374,000 new versions of rogueware samples released in the second quarter of this year, a number the company expects to nearly double to 637,000 in the third quarter.
Correll says it's only a matter of time before other rogueware developers emulate the ransom attack. "By forcing the user to pay so quickly, they are able to maximize their profitability before getting caught and removed," he says.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Subscribe to RSSVulnerability Management Reports
Compliance 101: Creating a Strong Vulnerability Management Strategy
Assessing new threats is only the first step in finding and shoring up weak spots in your defenses. Most infosec groups must also factor in a broader audit of compliance with regulatory standards such as HIPAA and PCI. In this Dark Reading Tech Center report, we outline best practices for compliance-oriented vulnerability management; discuss helpful technologies; and address the process of mapping compliance requirements to vulnerability detection and remediation.
Ground Zero: Building a Layered Defense Against Unknown Threats
The moment a malicious hacker or digital criminal exploits an unreported, unpatched flaw, the countdown to chaos begins. Here's how to employ a defense in depth strategy to make it through those critical first days relatively unscathed. The process isn't painless, but there are some key steps that may help you speed the effort to get your infrastructure back to normal.
Assessing the Danger: How IT Can Ace Vulnerability Management
Finding the flaws in your operating systems and applications is only the beginning. You then need to plot a path to security and ensure that no new weaknesses find their way onto your network. In this Dark Reading Analytics report, we offer some step-by-step recommendations on how to do that. First up: an overview of the problem.
Related Content
| Sponsored by: |  |
Vulnerability Management Buyer's Checklist
Get this 12-point Checklist of key considerations every IT security professional needs to be aware of before choosing a vulnerability management solution.
Case Study: eBay, Inc. - Securing the World's Online Marketplace
Learn how eBay was able to automate their network security auditing and get meaningful, actionable reports.
7 Essential Steps to Achieve, Measure and Prove Optimal Security
Whether you're protecting 5 servers or 5,000, this paper details the essential aspects of putting into place a measurable and sustainable vulnerability management program.
Free Trial - Vulnerability Management
Free 14-day trial of award-winning vulnerability management solution from Qualys. Identify, fix, and report on network security threats. Try Now.
Vulnerability Management Newsfeed
- McAfee Upgrades Consumer Security Product Line
- BigFix Offers 10% Discount In The Spirit Of IT Dinosaur Awards
- Sunbelt Software Announces Top 10 Malware Threats For January
- Netgear Brings Enterprise-Class Security To Small Businesses And Telecommuters For Under $300
- Panda Security USA Expands Management Team
- StopBadware Spins Off From Harvard's Berkman Center For Internet & Society
