![]() | |
![]() Slideshows: 12 CIOs' 'Career Killer' Pet Peeves | |
(click for larger image and for full photo gallery) |
Opening the HTML file attached to the spam, however, redirects your browser to a hacked website that attempts to use a malicious iFrame -- or inline frame, for loading different HTML documents onto the same page -- to push scripts at a PC, which then downloads fake antivirus software. That's when the fun begins.
According to Sophos, fake AV -- aka scareware -- "is a class of malware that displays false alert messages to the victim concerning threats that do not really exist." Side effects may include continuous alerts and continuously being redirected to websites demanding payment. Whether you pay for the software or not, it doesn't do anything, and if you do pay, don't expect to be charged just once.
Scareware attacks have been around for years. But this new fake AV attack ups the ante by disguising itself as VirusScan, from legitimate antivirus vendor McAfee, as well as by the volume of spam being generated to help the attack circulate.
When it comes to online scams, fake AV persists because it's a consistent moneymaker. Another selling point for criminals is the low barrier entry. Fake AV attacks are relatively low-tech, relying more on social engineering -- and annoyance -- than cutting-edge coding.
"In this attack, the hackers are using a mixture of human gullibility, poorly protected websites, and the tried-and-trusted trick of scaring users into believing that they have security problems on their PC to con them into downloading more dangerous software or handing over their credit card details," said Graham Cluley, senior technology consultant at Sophos, on the Sophos blog.