Thousands Scammed by Online Ads
SecureWorks reports: Hackers scam thousands of PC users through online ads touting rogue antispyware
ATLANTA -- SecureWorks reported today that hackers using Russian Business Network (RBN) services, among other hosting services, have successfully scammed thousands of victims with a new and complex multi-step scam involving rogue antispyware. Reported incidents of the scam have increased 1000 percent in the last month. Complaints about the scam can be found on sites such as CastleCops: http://www.castlecops.com/postlite203174-malwarealert.html
How the Hacker Scam Works
1) Victim browses a legitimate, high-traffic website where a legitimate-appearing ad is hosted
2) Victim clicks on the page or takes some other action on the page, which initiates a pop-up warning about a suspicious problem on the victim's computer.
3) The pop-up in the previous step starts a "sales process" where a bogus anti-spyware solution is offered and sold to the victim for amounts ranging from $19.95 to $79.95 in exchange for credit card info, etc. Bogus antispyware names used in this offer include: Spy-shredder, AntiVirGear, MalwareAlarm and 40 other more obscure names.
4) The "antispyware solution" purchased downloads either a trojan, such as Zlob, that retrieves other information from the victim over time, or a rootkit that allows remote control of the victim's computer.
6) The scammer behind the bogus antispyware solution makes money from the sale of the "solution" but is mostly interested in selling the credit card numbers for money and selling access to the trojan- and rootkit-infected computers. Once access to the infected computers is purchased, the criminals can mine the stolen data and commit the fraud themselves or sell it to a third party. The scammers are also selling computing resources for money.
The new scam is dependent on a high degree of collaboration among a number of Internet criminals for the full "supply chain" to benefit to the greatest possible extent from the scam. The hackers behind the “badvertising” scam are randomly injecting the ads with the malicious code, making it very difficult for the website owner to predict which ads are malicious and which ads are safe.