Pop-Ups Fake Security Alerts

Pop-ups try to fake users into downloading 'security software,' Trend Micro says

Next time you get a pop-up that alerts you to security troubles on your machine, beware.

There's been a surge in rogue anti-spyware applications, according to researchers at Trend Micro. The volume of these threats has jumped 500 percent -- from 2 to 10 percent of all infections Trend Micro has detected via its free HouseCall scanning service. The researchers say 10 percent of all new computers get infected by these rogue programs within the first 24 hours.

The latest attacks -- mainly aimed at less technically savvy home users -- use fraudulent security software as a lure, says George Moore, threat researcher for Trend Micro. It's a combination of social engineering and crafty pop-ups posing as Windows alerts. "Pushing fraudulent security applications is becoming increasingly popular."

Attackers can make anywhere from $30 to $80 a victim by selling them phony security tools, he says. "It looks, feels, and acts like legitimate software."

So far, it's mostly a money-making scheme, rather than a spam or bot-herding exercise. But the bad guys end up with your credit card information, so it's actually more dangerous. "They use several ways to get onto the machine -- through silent installs on emails, Google ads, IM, hacked MySpace pages, and fake video codecs that install the rogue application," he says.

The attackers are using hacked Web servers -- including some college sites -- to distribute their code, and they employ "bleeding-edge" Windows exploits as well, Moore adds. "I've seen some Websites where [rogue code] was elaborately written so it looks like a program on your local machine is saying your machine is infected." All it takes is for the user to click on a button to "clean" up the machine, and it becomes infected.

Moore says there are multiple gangs behind the rogue anti-spyware. One recent case came to a head with a class action lawsuit against WinFixer, which allegedly created dozens of these applications. The best defense is to be sure you have a legitimate security app running on your machine -- most of these tools can detect these so-called freeloader or parasite programs.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights