Commentary

Scammers Up The 'Rogueware' War

Attackers have for some time encrypted user files (as happened with Gpcode) and then demanded payment for the decryption key. So-called rogueware attacks, including scareware that pushes fake antivirus products, have likewise been underway for some time. Now scammers have combined and escalated the two techniques: instead of encrypting only a few files, they throw the victim's entire system into a deep freeze until the victim purchases the rogueware that purports to unlock it.

From Kelly Jackson Higgins at DarkReading:


Researchers discovered a Trojan attack that basically freezes a user's system unless he purchases the rogueware, which goes for about $79.99. The Adware/TotalSecurity2009 rogueware attack doesn't just send fake popup security warnings -- it takes over the machine and renders all of its applications useless, except for Internet Explorer, which it uses to receive payment from the victim for the fake antivirus. "The system is completely crippled," says Sean-Paul Correll, threat researcher and security evangelist for PandaLabs, which found the new attack.

These attacks are big business. A recent post, XP Security 'Scareware' Scams Skyrocketing, based on a research note from security appliance maker Fortinet, found that there were 239,775 unique visitors to just one of the ten registered domains in use by the scammers at the time. If even a fraction of those visitors fell for the scareware scam, it could net hundreds of thousands of dollars a month.

Those attacks have been so successful that, as we covered about a month ago, Microsoft filed a series of five lawsuits targeting malicious advertisements, which largely sell scareware:


The lawsuits allege that an unknown number of individuals using various business names distributed malicious software through Microsoft AdManager, the company's online advertising platform.

"These ads then lead to harmful or deceptive content," said Microsoft associate general counsel Tim Cranton, in a blog post. "For example, ads may redirect users to a Web site that advertises rogue security software, also known as scareware, that falsely claims to detect or prevent threats on the computer."

Now, not content with the profits from convincing users to download bogus antivirus software (scareware), which often doubles as keystroke-logging malware, they have turned to virtually shutting users out of their own systems until they pay up.

Considering how much profit can be made, and how easy it is to hijack legitimate Web sites to advertise scareware or simply trick users into downloading and installing rogue applications, I'm afraid Correll is spot on with his analysis quoted in the DarkReading story referenced above:

Correll says it's only a matter of time before other rogueware developers emulate the ransom attack. "By forcing the user to pay so quickly, they are able to maximize their profitability before getting caught and removed," he says.

For my mobile security and technology observations, consider following me on Twitter.
