Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43435
  • Total Topics: 16529
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2978
Total: 2981









Author Topic: Rogue Antivirus Programs Uses Ransom Threats (TotalSecurity, Krotten, Kenzero)  (Read 2646 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Fake antivirus programs appear to be adopting some of the money-raising tactics of more threatening ransom malware, security company Fortinet's latest threat report has found: http://www.fortinet.com/

The most prevalent malware variant during August was TotalSecurity W32/FakeAlert.LU!tr, a malicious program that masquerades as antivirus software in order to sell worthless licenses for non-existent malware. On its own it accounted for 37.3 percent of all malware threats detected by the company during the month.

Unlike standard fake antivirus programs, however, the new version of TotalSecurity takes the ruse a stage further by preventing any applications other than a web browser to run, claiming they are "infected." The user is invited to have the infection cleaned by buying the bogus TotalSecurity product.

Adding an extra layer of sophistication to its arsenal -- and no doubt aware how quickly bogus antivirus software is blocked by genuine security products -- TotalSecurity can now vary the downloads it feeds to target PC using server-side polymorphism. Put another way, the exact version downloaded to a victim's PC will constantly change which makes detection harder.

"This is a technique typically seen with botnets, such as Waledac, and has been picked up by the developers of TotalSecurity. This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection," said Fortinet's threat research head, Derek Manky.

According to Fortinet, such attacks demonstrate the vulnerability of PC-based antivirus software. A layered defence would have a better chance of detecting TotalSecurity by either intercepting the initial spam used to spread it or by blocking the download website.

Once rare enough to be a curiosity, malware using threats and direct interference with a PC's operation have slowly become more common.

A previous report from Fortinet in March noted a sudden surge in the technique, about a year after the first aggressive use of ransomware in the form of the notorious Vundo Trojan. That particular piece of malware used crude encryption of a victim's files.

In July came news of the odd Krotten Trojan that disables a victim's PC in a variety of ways before asking for a tiny payment to be made to a Ukrainian mobile phone network. Two months before that researchers in Japan discovered the Kenzero porn blackmail Trojan that threatens to post a victim's embarrassing browsing history to a public website.

(PCW)


If you have a computer problem and need some help with any kind of Malware, please visit SCF "PC Help Center": http://scforum.info/index.php?action=forum



Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023