Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/17/2008
01:00 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Anti-Malware Ain't Effective If It's Fake (And Plenty Of It Is!)

30 million anti-virus users can be wrong, very wrong. That's the number estimated to have installed fake anti-malware programs. Not just ineffective against malware, but malware itself!

30 million anti-virus users can be wrong, very wrong. That's the number estimated to have installed fake anti-malware programs. Not just ineffective against malware, but malware itself!Panda Security's research arm, PandaLabs, reports that more than 7,000 variations of the "disinfect your computer" adware/popup scam have struck paydirt, scaring tens of millions of users into parting with tens of millions of bucks (and pounds, marks, etc.)to clean their computers of apparent infections.

What the users are getting cleaned of is their money and personal information, of course.

Problem is -- and profit to the crooks flows from -- the fact that the programs the users purchase are the tail end of the scam.

They purchase them because they're getting messages (popup windows and other alerts) telling them that their system is infected.

And they're getting the fake popups because, of course, they are infected, having picked up "warning" spawning malware from a bad site or imprudently opened e-mail.

The warnings on their screens, and evident malware-influenced behavior of their computers, lowers their guards, opens their wallets and purses and -- presto! 30 Million users!

It's a vicious and rapidly spreading cycle, and one your employees and co-workers should be warned about now.

Fascinating -- and scary -- PandaLabs blog here about how the adware/antivirusware scam works.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...
CVE-2020-28348
PUBLISHED: 2020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-15928
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
CVE-2020-15929
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
CVE-2020-28991
PUBLISHED: 2020-11-24
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.