A scam that's spoofing Microsoft's Windows Security Center shows that phishers are increasingly abandoning the traditional e-mail ploy of telling consumers their bank accounts are at risk, a security expert said Tuesday.
The bogus site displays such factual information as the user's IP address, the browser being used, operating system, and country of origin. Along with that, however, the page claims that an attacker "has gained access to your computer and is collecting the information about the sites you've visited and the files contained in the folder 'My Documents.'" A pop-up also alleges that the PC has been infected with a rogue .dll -- a piece of spyware dubbed "W32.Sinnaka.a" -- that's collecting private data.
It's all a lie, said Patrick Hinojosa, the chief technology officer of Panda Software.
There's no such online edition of Windows Security Center -- that's actually an on-disk utility in Windows XP -- nor is there any legit malware by the name of Sinnaka.a.
But the scam is only beginning, said Hinojosa. Unlike other phishing fraudsters, these aren't after identities or even bank account numbers. Instead, they're trying to scare users enough that they click on one of the four links to purported anti-spyware tools with names like Spy Trooper, PS Guard, World AntiSpy, and Raze Spyware.
Users who click on a link to download one of these programs are told to register the program for a small fee: $10.
The fake site was slick enough to fool even Hinojosa for a moment. "I wasn't paying attention, and when I looked back at the JPEG [image screenshot] of the bogus site, I thought at first it was actually the Windows Security Center screen on my desktop," he admitted. "I had to look at it twice to tell it wasn't. This is certainly something that would fool most people. I could see my wife looking at this, and giving me a call telling me that our home computer was infected."
The four "anti-spyware" programs touted at the site aren't new to real researchers. Spy Trooper, for instance, is simply a renamed version of SpyDemolisher/SpySheriff/SpywareNo. All four are on Spyware Warrior's "Rogue/Suspect Anti-Spyware" list.
The ploy, of course, is to spook users with a bogus infection alert -- backed up by an interface that looks official -- then get them to reach for the first piece of software they see.
"Most phishing don't come via e-mail anymore," said Hinojosa, "not in the typical way we're used to, where a bank or PayPal says that you need to reactivate an account. Most come via a remote control Trojan or some kind of Web site scam, like this one."
Spam is still used to get traffic to a site -- including this one -- he added, but "the e-mail is up-front that it's selling something or directing you to a service site. Nothing up to that point is quote, unquote wrong in users' minds. They're on guard against the traditional phishing, but not this."
A cousin to "ransom-ware" -- the term some have slapped on malicious code that infects a PC, then demands money in return for cleaning up the machine or unlocking suddenly-encrypted files -- this technique isn't new. The Federal Trade Commission (FTC) has been busy during 2005, in fact, with lawsuits quashing other bogus anti-spyware schemes.
In August, the FTC announced a settlement with Advertising.com, a subsidiary of AOL, which stipulated that the SpyBlaster program would disclose it came with adware. Earlier in the year, the FTC moved against Spyware Assassin and SpyKiller 2005.
Even with FTC crack-downs, however, the bogus spyware approach won’t vanish. It's too lucrative.
"We're going to see a lot more like this," said Hinojosa. "Like mushrooms after a rain."