gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 26, 2024, 10:33:37 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  New Fake Antivirus Attack Holds Victim's System Hostage
gfx
gfxgfx
 

Author Topic: New Fake Antivirus Attack Holds Victim's System Hostage  (Read 754 times)

0 Members and 3 Guests are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
New Fake Antivirus Attack Holds Victim's System Hostage
« on: October 17, 2009, 12:15:13 pm »
http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml;jsessionid=FIWCQFEV0MTMDQE1GHRSKHWATMY32JVN?articleID=220601022

Quote
Attackers have added a new twist to spreading fake antivirus software: holding a victim's applications for ransom.

Researchers discovered a Trojan attack that basically freezes a user's system unless he purchases the rogueware, which goes for about $79.99. The Adware/TotalSecurity2009 rogueware attack doesn't just send fake popup security warnings -- it takes over the machine and renders all of its applications useless, except for Internet Explorer, which it uses to receive payment from the victim for the fake antivirus. "The system is completely crippled," says Sean-Paul Correll, threat researcher and security evangelist for PandaLabs, which found the new attack.

Correll says when the rogueware detects any application on the machine starting to execute, it then shuts down the application. "This happens for every file you try to open except IE. The only reason IE works is because that's what's used to allow victims to pay the cybercriminals," he says.

Bad guys have used ransom threats in phishing attacks and distributed denial-of-service (DDoS) attacks, but Correll says this is the first time it has been used to force users to buy rogueware. Rogueware distributors typically prompt the victim with pop-up messages, but the user can bypass the purchasing process by ignoring them or clicking through them.

Adware/TotalSecurity 2009 isn't new rogueware, but the difference is its distributors are using a more aggressive tack to ensure they make money from it. "Users are put into a Catch-22," Correll says. To free their systems, they are pressured into purchasing the package and sending their financial details to the bad guys, he says. Once the transaction is complete, they receive a serial number that releases their apps and files and can recover their information.

The good news is that, so far, this type of attack is relatively rare. And PandaLabs has posted the serial numbers for the malware application so that users can temporarily "unlock" their systems.

Rogueware has been on the rise this year, and its creators are pumping out new versions of the malware in rapid-fire. PandaLabs found 374,000 new versions of rogueware samples released in the second quarter of this year, a number the company expects to nearly double to 637,000 in the third quarter.

Correll says it's only a matter of time before other rogueware developers emulate the ransom attack. "By forcing the user to pay so quickly, they are able to maximize their profitability before getting caught and removed," he says.

You've been warned!  :gum:

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  New Fake Antivirus Attack Holds Victim's System Hostage
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.008 seconds with 21 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!