Fake Antivirus Peddlers Outpacing Real AV Firms 245
An anonymous reader tips a writeup at KrebsOnSecurity.com detailing how purveyors of fake antivirus or 'scareware' programs have aggressively stepped up their game to evade detection. The posting is based on a report from Google's malware detection team (PDF). "Beginning in June 2009, Google charted a massive increase in the number of unique fake antivirus installer programs, a spike that Google security experts posit was a bid to overwhelm the ability of legitimate antivirus programs to detect the programs. Indeed, the company discovered that during that time frame, the number of unique installer programs increased from an average of 300 to 1,462 per day, causing the detection rate to plummet to below 20 percent. ... In addition, Google determined that the average lifetime of sites that redirect users to Web pages that try to install scareware decreased over time, with the median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010."
Why use an unknown AV program? (Score:2, Insightful)
Re:Why use an unknown AV program? (Score:3, Insightful)
Re:Why use an unknown AV program? (Score:4, Insightful)
Even easier than that. (Score:3, Insightful)
The "scan" window pops up and tells them that they've been infected BUT IT IS OKAY because all they have to do is click here and the nice software from the friendly company will remove the nasty viruses for them.
Yay!!!
This is just a side effect of the "real" anti-virus/security businesses having no interest in reducing/mitigating the "virus" threat. It makes too much money for them.
and after my rounds this past week..... (Score:3, Insightful)
I have informed everyone I do family and friends tech support for... they must either switch to linux or a Mac with OSX. the new internet security 2010 is an evil bastard that even kills the safe mode so you have to use a Bart PE to run combifix first and then reinstall AV and run a clean.
Screw it, I'm done. Mac mini's are as cheap as a dirt cheap dell PC. and I'll install linux for them. I am done with windows support.
Re:Why use an unknown AV program? (Score:3, Insightful)
It's not a scheme, it's marketing.
Re:EXCUSE ME SIR! (Score:5, Insightful)
Pardon me sir, but this herb root extract can lower your blood pressure. Meaning that you can live a long and healthy life. It's not FDA approved but it's certified by these doctors.
It works just as well in meat space too.
Re:Why use an unknown AV program? (Score:3, Insightful)
When a person shows up to the door, people are skeptical because they don't know that person and don't have a business relationship with them.
If you already buy an expensive product from a reputable company; you are going to be far less skeptical about things you are told about that product, by that company. If you buy a new car from Ford and the 'ABS' light comes on - provided you know nothing about cars, other than how to drive them, to believe that there is something wrong with your brakes; compared to how likely you are to believe there is something wrong with your car's brakes if a stranger knocks on your door and tells you.
When people see a pop-up on their computer; they assume it's coming from Microsoft or Dell or whatever. So, they trust it.
Re:Why use an unknown AV program? (Score:4, Insightful)
Its shocking though, nobody would trust someone in the real world telling you that you need something they are providing without some kind of double check.
If someone showed up at your house and told you that your water could kill because of some microbe you have never heard of that they claim is getting into your pipes and the only way to make yourself safe is to install this helpful filter that they are selling would you believe them?
A big difference is that the fake antivirus pop-ups aren't usually trying to sell you anything, they just want you to click OK! It's easy to click OK, and, for the average [clueless] user, just clicking OK doesn't feel nearly as risky as letting a stranger into your home, or buying a mysterious product.
I think most people just do a naive, clueless sort of risk assessment. If the pop-up is telling the truth, they really need the software. If the pop-up is lying... well, they're not directly paying anything and have no idea what could go wrong, so they assume it's not a problem. Therefore, they decide to click OK to install the software. To them, it's more like some random person standing on the sidewalk telling them, "You should walk on the other side of the street; there's a dead skunk halfway up the block and you really don't want to get near it." Eventually people will learn... but it may take a few generations.
Re:This is why i love noscript and requestpolicy (Score:5, Insightful)
Generally, no. Generally, the reason is that the advertisers and their site owners rarely truly care. Have you seen the utter shit, spam, fakes, frauds that masquerade as Facebook ads, however often you click "X" and report it as "misleading / deceptive". Seriously, go to apple.com/store. Look for the neon green MacBook Air. You know, the one you can "test/review then keep for free"...
It's lip service. They. Just. Don't. Care. The advertisers are paying the bills, not you.
Doctors and celebrities (Score:3, Insightful)
Re:Three Findings (Score:3, Insightful)
Concerning #3, most of these exploits use Javascript to open a phony "scanning" window. I got one of these while reading the New York Times on my Linux machine using Firefox.
Re:and after my rounds this past week..... (Score:3, Insightful)
I have informed everyone I do family and friends tech support for... they must either switch to linux or a Mac with OSX.
Then how do they play PC games afterward?
Mac mini's are as cheap as a dirt cheap dell PC.
I just went to apple.com and dell.com; what I found disagrees with you. Mac mini: $599. Dell Inspiron 560s with Pentium dual core and 4 GB RAM: $429.
and I'll install linux for them.
Does this include installing and configuring Wine for "that one must-have app"?
Re:and after my rounds this past week..... (Score:3, Insightful)
The mini is cuter, certainly, and if you have to have OSX you have to have OSX; but the pricing is hardly equivalent for anybody willing to run linux or shove their computer under their desk.
Re:and after my rounds this past week..... (Score:3, Insightful)