Phony Anti-Spyware Software Lures Unsuspecting Users - InformationWeek

9/13/2005
04:14 PM

Phony Anti-Spyware Software Lures Unsuspecting Users


A scam that's spoofing Microsoft's Windows Security Center shows that phishers are increasingly abandoning the traditional e-mail ploy of telling consumers their bank accounts are at risk, a security expert said Tuesday.

Like the most dangerous and devious phishing attacks, this one is based on a Web site. Users enticed here face a fake portrayal of Microsoft's Windows Security Center.

The bogus site displays such factual information as the user's IP address, the browser being used, operating system, and country of origin. Along with that, however, the page claims that an attacker "has gained access to your computer and is collecting the information about the sites you've visited and the files contained in the folder 'My Documents.'" A pop-up also alleges that the PC has been infected with a rogue .dll -- a piece of spyware dubbed "W32.Sinnaka.a" -- that's collecting private data.

It's all a lie, said Patrick Hinojosa, the chief technology officer of Panda Software.

There's no such online edition of Windows Security Center -- that's actually an on-disk utility in Windows XP -- nor is there any legit malware by the name of Sinnaka.a.

But the scam is only beginning, said Hinojosa. Unlike other phishing fraudsters, these aren't after identities or even bank account numbers. Instead, they're trying to scare users enough that they click on one of the four links to purported anti-spyware tools with names like Spy Trooper, PS Guard, World AntiSpy, and Raze Spyware.

Users who click on a link to download one of these programs are told to register the program for a small fee: $10.

The fake site was slick enough to fool even Hinojosa for a moment. "I wasn't paying attention, and when I looked back at the JPEG [image screenshot] of the bogus site, I thought at first it was actually the Windows Security Center screen on my desktop," he admitted. "I had to look at it twice to tell it wasn't. This is certainly something that would fool most people. I could see my wife looking at this, and giving me a call telling me that our home computer was infected."

The four "anti-spyware" programs touted at the site aren't new to real researchers. Spy Trooper, for instance, is simply a renamed version of SpyDemolisher/SpySheriff/SpywareNo. All four are on Spyware Warrior's "Rogue/Suspect Anti-Spyware" list.

The ploy, of course, is to spook users with a bogus infection alert -- backed up by an interface that looks official -- then get them to reach for the first piece of software they see.

"Most phishing don't come via e-mail anymore," said Hinojosa, "not in the typical way we're used to, where a bank or PayPal says that you need to reactivate an account. Most come via a remote control Trojan or some kind of Web site scam, like this one."

Spam is still used to get traffic to a site -- including this one -- he added, but "the e-mail is up-front that it's selling something or directing you to a service site. Nothing up to that point is quote, unquote wrong in users' minds. They're on guard against the traditional phishing, but not this."

A cousin to "ransom-ware" -- the term some have slapped on malicious code that infects a PC, then demands money in return for cleaning up the machine or unlocking suddenly-encrypted files -- this technique isn't new. The Federal Trade Commission (FTC) has been busy during 2005, in fact, with lawsuits quashing other bogus anti-spyware schemes.

In August, the FTC announced a settlement with Advertising.com, a subsidiary of AOL, which stipulated that the SpyBlaster program would disclose it came with adware. Earlier in the year, the FTC moved against Spyware Assassin and SpyKiller 2005.

Even with FTC crack-downs, however, the bogus spyware approach won’t vanish. It's too lucrative.

"We're going to see a lot more like this," said Hinojosa. "Like mushrooms after a rain."
