Phony Anti-Spyware Software Lures Unsuspecting Users - InformationWeek
IoT
IoT
News
News
9/13/2005
04:14 PM
50%
50%

Phony Anti-Spyware Software Lures Unsuspecting Users

A scam that's spoofing Microsoft's Windows Security Center shows that phishers are increasingly abandoning the traditional e-mail ploy of telling consumers their bank accounts are at risk.

A scam that's spoofing Microsoft's Windows Security Center shows that phishers are increasingly abandoning the traditional e-mail ploy of telling consumers their bank accounts are at risk, a security expert said Tuesday.

Like the most dangerous and devious phishing attacks, this one is based on a Web site. Users enticed here face a fake portrayal of Microsoft's Windows Security Center.

The bogus site displays such factual information as the user's IP address, the browser being used, operating system, and country of origin. Along with that, however, the page claims that an attacker "has gained access to your computer and is collecting the information about the sites you've visited and the files contained in the folder 'My Documents.'" A pop-up also alleges that the PC has been infected with a rogue .dll -- a piece of spyware dubbed "W32.Sinnaka.a" -- that's collecting private data.

It's all a lie, said Patrick Hinojosa, the chief technology officer of Panda Software.

There's no such online edition of Windows Security Center -- that's actually an on-disk utility in Windows XP -- nor is there any legit malware by the name of Sinnaka.a.

But the scam is only beginning, said Hinojosa. Unlike other phishing fraudsters, these aren't after identities or even bank account numbers. Instead, they're trying to scare users enough that they click on one of the four links to purported anti-spyware tools with names like Spy Trooper, PS Guard, World AntiSpy, and Raze Spyware.

Users who click on a links to download one of these programs is told to register the program for a small fee: $10.

The fake site was slick enough to fool even Hinojosa for a moment. "I wasn't paying attention, and when I looked back at the JPEG [image screenshot] of the bogus site, I thought at first it was actually the Windows Security Center screen on my desktop," he admitted. "I had to look at it twice to tell it wasn't. This is certainly something that would fool most people. I could see my wife looking at this, and giving me a call telling me that our home computer was infected."

The four "anti-spyware" programs touted at the site aren't new to real researchers. Spy Trooper, for instance, is simply a renamed version of SpyDemolisher/SpySheriff/SpywareNo. All four are on Spyware Warrior's "Rogue/Suspect Anti-Spyware" list.

The ploy, of course, is to spook users with a bogus infection alert -- backed up by an interface that looks official -- then get them to reach for the first piece of software they see.

"Most phishing don't come via e-mail anymore," said Hinojosa, "not in the typical way we're used to, where a bank or PayPal says that you need to reactivate an account. Most come via a remote control Trojan or some kind of Web site scam, like this one."

Spam is still used to get traffic to a site -- including this one -- he added, but "the e-mail is up-front that it's selling something or directing you to a service site. Nothing up to that point is quote, unquote wrong in users' minds. They're on guard against the traditional phishing, but not this."

A cousin to "ransom-ware" -- the term some have slapped on malicious code that infects a PC, then demands money in return for cleaning up the machine or unlocking suddenly-encrypted -- this technique isn't new. The Federal Trade Commission (FTC) has been busy during 2005, in fact, with lawsuits quashing other bogus anti-spyware schemes.

In August, the FTC announced a settlementh Advertising.com, a subsidiary of AOL, which stipulated that the SpyBlaster program would disclose it came with adware. Earlier in the year, the FTC moved against Spyware Assassin and SpyKiller 2005

Even with FTC crack-downs, however, the bogus spyware approach won’t vanish. It's too lucrative.

"We're going to see a lot more like this," said Hinojosa. "Like mushrooms after a rain."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Commentary
Tech Vendors to Watch in 2019
Susan Fogarty, Editor in Chief,  11/13/2018
Commentary
Getting DevOps Wrong: Top 5 Mistakes Organizations Make
Bill Kleyman, Writer/Blogger/Speaker,  11/2/2018
Commentary
AI & Machine Learning: An Enterprise Guide
James M. Connolly, Executive Managing Editor, InformationWeekEditor in Chief,  9/27/2018
Register for InformationWeek Newsletters
Video
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll