Web-Users Fall For Fake Anti-Virus Scams
jhernik writes "Fearing their computers may be prone to viruses, many web-users download fake anti-virus software, only to find later that their bank details have been hacked. According to the latest research by GetSafeOnline.org, the UK's national internet security initiative, a rising number of organised criminal gangs are tricking security-conscious internet-users into purchasing anti-virus software to access their bank details. Posing as legitimate IT helpdesks, these fraudsters target internet users concerned about protecting their computers. By offering free virus checks, they normally tell consumers that their machines are infected and offer fake security software protection – usually costing around £30 – which is actually malicious software in disguise." The fact that there is such a thriving market for fake AV scams really says something about the present state of the legitimate AV market.
Again. Next story please.
Most computer users are simply naive; some are downright stupid. This should be tagged: !news.
If you would like a refund for any of fake antivirus software you have already purchased, please send your bank account number, credit card number, pin number, email address, and password to ...
I would have put in a fake email address, but knowing my luck someone would fall for it.
The thriving market for fake AV scams simply means people are too cheap to pay full price for a commercial AV scanner, or too stupid to find a legit free one. Computers are appliances to 90% of the world's population, and no other appliance requires expensive upgrades to determine if it's being misused. Even without a car alarm, you'll notice if your car isn't where you parked it, but most infected computers don't advertise as such. People know they need an AV scanner, and hey, the computer just offered them one, "Score! No need to go shopping for one!" All viruses (that aren't autonomous worms) spread based on misplaced trust or greed, and getting a cheap AV scanner appeals to both instincts.
$_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
Seriously. This has been going on for YEARS. Why is this being posted here?
I've had to clear a few of these off co-workers' machines this year. Running Windows 7 with the latest security patches and legitimate protection software installed, and people still get infected with this crap, so it's the users installing it and not just holes in the system being exploited. The last one I removed actually replaced the Windows shell on startup with itself, disabling web browsers, regedit, and other key system software. I felt like going on a shooting spree.
cue /. superiority complex... Seriously, rather than tag as !news or PEBKAC, how about some intelligent discussion about either educating the general public or another more intelligent solution?
If "security-conscious internet-users" are falling for this, are they really security-conscious? For quite a few years now, Geek Squad's (and any other PC repair company's) prime customers have been people who fall for these types of scams. This is nothing new, except to the writer of this article.
Fake AV scams say a lot more about the present state of the market economy and human psychology in general. Attempted fraud is essential if you desire infinite growth through consumer debt. A game of cat and mouse, like many things in nature.
For justice, we must go to Don Corleone
You gotta give it to companies like McAfee, Symantec, etc... they know how to scare people into handing over money so they are "protected". It was only a matter of time before people started to copy their methods.
At the end of the day, the computer obeys what you tell it to do. If you tell it to do stupid shit, it's going to do stupid shit.
The fix for this problem is not technical, it is social.
This article really was an eye opener!
Who would have thought that a large percentage of windows users are not technically inclined and easily tricked by scary looking windows!
Rumour has it that scissors can be fairly sharp, and fire is damn hot sometimes.
Also... _really_ old news. This scam has been around for at least a decade. It followed closely on the success of the "YOU HAVE ONE URGENT MESSAGE" banner ad.
Windows malware is getting insane... I don't run as admin *ever* and I don't use IE so I keep pretty clean but some *really* nasty stuff has gotten through. People love to say PEBKAC and all but with some of these programs, I wouldn't be surprised if a seasoned computer person got fooled let alone a casual user. The last one I had faked a freaking bluescreen pretty convincingly, even...
check out the Mp3 Garbler I built!
“There's a sucker born every minute”
Sorry, but this will NEVER go away. It's not new, it's been around for 80,000 years.
A news flash that people are easily suckered is not news to anyone.
Do not look at laser with remaining good eye.
I work at a small computer shop and killing these things is at least 75% of the work I do. They are everywhere. Norton and McAfee have done a fine job of making people believe that their antivirus will make them invincible and that they should believe anything that pops up on their screen talking about viruses. It's like saying "OK!" to a guy that pops out of a bush and says "OMG you have swine flu! Quick, swallow this pill!"
Colour me surprised.
I recently had to install Windows 7 at home, and decided to put Norton AV on my machine. I boot up Windows roughly once every couple of weeks to run a specific application. So I notice Norton AV popping up loads of windows, running its intrusive update process and bombarding me with scary looking crap prompting me to read about the "latest security threats from cyber-criminals". Hair-raising stuff, especially if you're not a computer specialist.
I'm an IT professional, and _I_ find this behaviour sleazy, unethical, annoying and slightly alarming. This is a product I paid GOOD MONEY FOR. I'm PAYING to be bullied, essentially.
So I can just imagine the average user being bullied and terrified by this crap... which is not only enriching the AV vendors, but also making regular folk like lambs to the slaughter for the forces of evil out there.
I'd say that the consumer, criminals and the AV companies are really inhabitants of one ecosystem: prey, parasites and predators respectively.
From what I can see, working at a helpdesk with a userbase of ~30000, these are on the rise again, and in the last 2 months I've had several infections which failed to be picked up by MSE, Avast, Spybot and Sophos. This year I've had at least 1-3 infected machines a day, 5 days a week, and 90% have been the fake-AV variety. They are also getting more sophisticated recently, doing more and more damage, creating local proxies, adding in rootkits, hiding in system files (instead of user profiles). So while fake AVs are old news, they are the malware of choice at the moment, and their visibility means a larger number are detected (unlike traditional malware, which Jo Bloggs fails to notice).
I love the fact that they actually get the people to PAY to infect their own computer. That's simply brilliant.
... about 4 times in the last month, someone calls us (UK) from an international number saying the computer has a virus.
The summary doesn't give much weight to it, but that's the newer news here, that there are call centres set up just to do this...
To be fair, it's not exactly easy to find a legit free AV programme. Downloading my poison of choice, AVG, for example, requires you to navigate through the website, locate the tiny "free version" link on a series of pages, and wind through and around a whole lot of annoying screens designed to baffle/frustrate/bully you into buying a pay version.
And worse, you then have to go through this whole process again every six months when they release a new version that isn't covered by the auto updater.
I definitely consider the behaviour of companies like AVG to be partially responsible for people getting confused, frustrated, and resorting to less legitimate means.
This is why I use gopher.
There, corrected the typos .. :)
(..) how about some intelligent discussion about either educating the general public or another more intelligent solution?
History has shown that educating the public has little effect, if any. Therefore I conclude that if at any time a regular user has to make a decision about whether some software can be trusted, the method is flawed, regardless of whether the user would make the right choice or not. If a trust issue can't be decided automatically, software should be regarded as harmful & unsafe to run, period.
So any intelligent solution should focus on reliable ways to tell apart software from trusted sources (for example by using a community-maintained list of trusted vendors, and cryptography to verify that downloads are genuinely from one in that list), and limiting what software (trusted & untrusted) can do. Like: by default, very, very limited access rights to things like networking, persistent storage or user data, unless given more rights by an administrator. For anyone that says it would cause too many warnings etc.: can you explain why a random game / app / desktop widget that a user runs would need access to all user files? No idea? Yet strangely that's normally the case - sounds like a design error to me. Another example: when a user selects a file to open, there's nothing stopping an app from discarding that selection & opening some other file instead (or opening a 2nd file behind the user's back). Another design error, if you ask me - if there's an open file dialog, the app's file access should automatically be limited (by the OS) to the user-selected file. There are many more examples like this.
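The trust-list-plus-cryptography check sketched in the post above, written out as an added Go example (not code from the original thread or any product named in it): a vendor allowlist keyed by Ed25519 public keys, a detached signature over the installer's SHA-256 digest, and the four cases such a check has to separate. Vendor names, keys and installer bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TrustedVendor is one entry in the community-maintained allowlist the post
// proposes: a vendor name bound to the Ed25519 public key it releases under.
type TrustedVendor struct {
	Name   string
	PubKey ed25519.PublicKey
}

// Download is what the user actually fetched: the installer bytes, the vendor
// name the download page claims, and a detached signature shipped beside it.
type Download struct {
	ClaimedVendor string
	Payload       []byte
	Signature     []byte
}

var ErrUnknownVendor = errors.New("claimed vendor is not on the trusted list")
var ErrBadSignature = errors.New("signature does not verify under the claimed vendor's key")

// Verify accepts a download only if the claimed vendor is on the list AND the
// signature over the payload's SHA-256 digest verifies under that vendor's key.
// A rogue installer that merely names a trusted vendor fails the second check.
func Verify(list []TrustedVendor, d Download) error {
	var key ed25519.PublicKey
	for _, v := range list {
		if v.Name == d.ClaimedVendor {
			key = v.PubKey
			break
		}
	}
	if key == nil {
		return ErrUnknownVendor
	}
	digest := sha256.Sum256(d.Payload)
	if !ed25519.Verify(key, digest[:], d.Signature) {
		return ErrBadSignature
	}
	return nil
}

// signRelease is the vendor-side step: sign the digest of the release bytes.
func signRelease(priv ed25519.PrivateKey, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	return ed25519.Sign(priv, digest[:])
}

// keyFromTag derives a deterministic Ed25519 key from a label so the example is
// reproducible offline. Constructed for this example only; real vendor keys are
// generated randomly and the private half never leaves the vendor.
func keyFromTag(tag string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte("constructed-seed:" + tag))
	return ed25519.NewKeyFromSeed(seed[:])
}

// Scenarios exercises the cases a download checker has to separate. All names,
// keys and payloads below are constructed for this example.
func Scenarios() map[string]error {
	vendorKey := keyFromTag("example-av-vendor")
	rogueKey := keyFromTag("rogue-scareware-outfit")
	list := []TrustedVendor{
		{Name: "Example AV Ltd", PubKey: vendorKey.Public().(ed25519.PublicKey)},
	}

	genuine := []byte("example-av-setup-1.0.exe (constructed bytes)")
	genuineSig := signRelease(vendorKey, genuine)

	// Same signature shipped with altered bytes, e.g. the file was swapped in transit.
	tampered := append([]byte{}, genuine...)
	tampered[0] ^= 0x01

	rogue := []byte("scareware-setup.exe (constructed bytes)")
	rogueSig := signRelease(rogueKey, rogue)

	return map[string]error{
		// 1. Listed vendor, untouched bytes, the vendor's own signature: accepted.
		"genuine": Verify(list, Download{"Example AV Ltd", genuine, genuineSig}),
		// 2. Listed vendor named, but the bytes no longer match the signature.
		"tampered": Verify(list, Download{"Example AV Ltd", tampered, genuineSig}),
		// 3. Rogue product under its own name: rejected before any signature check.
		"unlisted vendor": Verify(list, Download{"Rogue Security Suite", rogue, rogueSig}),
		// 4. Rogue product claiming the trusted vendor's name, signed with its own key.
		"impersonated vendor": Verify(list, Download{"Example AV Ltd", rogue, rogueSig}),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-20s -> %v\n", name, err) // <nil> means accepted
	}
}
```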
That's one more reason I love Microsoft... They provide me with FREE antivirus software from a trusted source!
Those fuckers are getting REALLY crafty! Case in point... As a software developer and PC repair tech, I've seen a lot of BS from both ends of the spectrum but nothing prepared me for a "virus" that was found on a buddy's PC a few weeks ago. We were sitting around coding our Quake III mod and the small "update shield" popped up in the taskbar. The bubble popped up and said that updates were available and he needed to install them... so he did. Bad choice, my friend! A few minutes later an "Avast" bubble pops up and says that a threat has been detected. He clicked the button to stop and within a few seconds, the PC shut down. Once he managed to reboot, there were at least 10-15 Firefox windows open (ads), numerous [fake] Avast bubbles, another update shield and a shitload of warnings and error messages. He got duped. They're getting good! Thank god I run Linux for nearly everything these days!
A)bort, R)etry, I)nfluence with large hammer
Personally I always advise against any kind of spyware or adware protection. The key is twofold: 1. Don't download anything malicious. 2. Keep programs that interface with the outside world (such as your browser) up to date. If you follow those two things then you can't get adware or spyware.
Also, most spyware/adware protection I see tremendously slows down the computer systems they are loaded on. In addition they are simply not effective, because if you execute a malicious program then it can get control no matter what protection you use...
If you want to try out a program and you aren't sure about it then use a virtual machine and just run it in that sandbox until you are sure about it. I find virtual machines useful for doing that, especially if it is for programs you will seldom use.
Oh wait this is slashdot.
However, she is on a Mac, so I *presume* she is safe, except for her credit card number, which she did enter in order to buy the software. I told her to cancel her credit card and she did that and they issued her a new one. It is correct that she has no worries from the downloaded software, right? These things are always Windows-only, right? Just want to make absolutely sure. Or is there some way for them to hack her account given that she provided a credit card, and probably address and such?
--- What?
Fake AV has been around for a long time. My father fell for one of those "your system is infected" ads 5+ years ago, and I had to spend an afternoon cleaning out the crapware he bought and installed when he clicked through. Fortunately all he was out was the $40 or so for the "product"; we scanned his system with some real AV and anti-malware/spyware products to remove all the junk that piggybacked its way in, and nothing more ever came of it.
Having a general awareness of the threats represented by viruses is a requisite for vulnerability to the scam, while someone completely ignorant of computer threats wouldn't be susceptible.
The pop up comes up and the completely ignorant doesn't click on "Install" because he doesn't have an awareness of the threat, so he clicks on "No thanks." Too bad that ALSO INFECTS HIS MACHINE.
The ones I've seen install on any client click. Only hard powering (hold the power button for 10 seconds) will prevent infection at this point, so the completely ignorant are NOT going to be safe.
If you have a lot of files ending on ".dll", chances are pretty high that you have software on your system that might be harmful.
Yeah, the scams have gotten pretty sophisticated. I guess "you're infected yo!" dialogs don't cut it any more, which may actually show that there's hope after all.
The sad thing is, this is really the best payload you can hope for.. because it's obvious!
You know you've been infected and can re-install (or try to fix if you enjoy pain).
The ones that scare me are those that are less obvious. Say if instead of turning his desktop into a billboard, the virus simply dropped in a trojan. You're now part of your favorite botnet with probably no clue you've been infected.
Dumbasses world wide have been tricked into clicking malware! And--AND HERE IS THE MOST FASCINATING PART--the malware peddlers lie to the users, telling them that they are going to scan for viruses!
The other day the "You're currently running firefox 3.6.12, click here to update to the newest version" screen popped up in a tab while I was browsing. It was a near perfect replica of the official page, and it nearly caught me.
Lavasoft has published a list of rogues that might be helpful when people see scareware. But, I guess, the only problem is making people look at this list before they buy security software.
http://www.lavasoft.com/mylavasoft/rogues/latest
"cue /. superiority complex... Seriously, rather than tag as !news or PEBKAC, how about some intelligent discussion about either educating the general public or another more intelligent solution?" - by kj_kabaje (1241696) on Monday November 15, @11:28AM (#34231628)
http://www.pcreview.co.uk/forums/thread-3511888.php per your request, there's a topic on how to secure a Windows based PC as best as I know how to, point-by-point (15 of them), and, it works (because it goes into details of how malware often works, what it uses to get to you, and what you can do to stop it).
APK
P.S.=> I wrote the first model back as far as 1997-1998, for NTCOMPATIBLE.COM, & that's the "present day evolution" of that article on how to secure a Windows based PC (circa 2006-2008)... apk
Actually, I'm not so sure it's always an issue of users installing this stuff voluntarily?
The "Vundo" trojan is supposedly a leading cause of automated installations of the annoying "AntiVirus 2009/2010" fake AV packages and other garbage.
(See: http://en.wikipedia.org/wiki/Vundo)
I recently cleaned this off of a PC for a client of mine, and in their case, the original trojan horse files were found embedded in the compressed Java runtime files. So at least some of this stuff may be coming from "drive by infections" that take advantage of security flaws in older versions of the Sun JRE. Once the trojan is implanted in the JRE, it proceeds to auto download and install this other stuff.
Malware developers are getting increasingly clever in the social engineering techniques they use to get people to install their crap. Even people who are fairly competent can be tricked. Browser makers need to realise that there's far more they could do to prevent these kinds of social engineering tricks: 1: Make it clear what a confirm() (or the equivalent in other languages) box is trying to do. Is it trying to prevent you from leaving a page? Will it redirect you? Is clicking OK the safest thing to do? Clicking cancel? No? Close window? They implemented something like this for a window.unload triggered confirm, but it doesn't inform the user what they need to click to leave the page safely.
2: Don't make update notifications spoofable! Look at things like SiteKey for examples. Inform the users that update windows will always contain a phrase/image that can't be obtained by malware authors on uncompromised machines, so users will know something is fake.
3: Implement a halt all button. A single button that will disable all JavaScript (even if there's an alert box displaying) and forcefully halt and close every active plugin. All too often something will be caught by an antivirus but the script behind it keeps running and compromises the system anyway.
I wish I had them.
Sorry, but a lot of folks are wilfully ignorant of computers and others are just incapable of learning about them properly.
I don't blame the incapable ones, they should be guided to a safer net experience on a Mac or something, where it's hard to screw up. The wilfully ignorant should be beaten in the streets!
They've invented a new system.
1. Write program to steal information.
2. ????
3. Profit!
4. Steal card information with said program.
5. ????
6. PROFIT AGAIN!
You buy your AV CD from Best Buy or Future Shop or CompUSA, etc., not off the web where someone could be a man in the middle sending you anything. If there is any application for which you MUST enforce actual hard-coded data (on a disk), that would be AV CDs.
I actually even heard of someone securing their Linux distro by burning certain partitions of the system to CD, and keeping that CD in the CD-ROM drive, so that they could never be rootkitted.
This one particular string of viruses has been about 75% of all my computer repairs for my private computer repair business for the last 2 years. How is this finally a story now? How does the blaster worm get hours on CNN and they maybe mentioned this once in a filler segment? This is like the end of the world in computer terms and worse than any virus I've ever seen in history and finally just now it's getting one slashdot story? Amazing.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
That is the brilliant part of the scam, you ask for money so you look legit.
Is it just me or does GetSafeOnline.org seem like a con site URL?
My mother kept receiving calls from some company claiming to be IT support and trying to get her to visit a website to update her machine, as their records showed it being infected. She always says that my son deals with that sort of thing and she will just not switch the computer on until I have checked it. One day they called while I was there, so I spoke to them. They always mumbled the name of the company; I asked them for their company registration number as I needed to check they were a legitimate company. They tried to get me to visit their website where I could see that they were legitimate; eventually they gave me a number which was about 12 digits too long for a company registration number. I told them I couldn't find anything about them at Companies House and eventually they gave up.
I think that article might be scareware... they're just trying to make us click on the 'GetSafeOnline' link.
Okay, so we get somebody's computer to fix, and after we salvage the data as best we can, why don't we:
1. Either by slipstream or by AutoPatcher make sure the system is up to date as of this date, disable MSIE and install Adblock with a good patterns subscription.
2. Install Firefox.
3. Install all of the stuff that will get installed (Flash, a proper Java, Acrobat Reader etc.) with the correct settings (to avoid some of the drive-byware problems).
4. Install some sort of free antivirus and then set it to autoupdate SILENTLY.
5. Also install a few FLOSS programs that would work for that user.
In short, we cannot "fix stupid", but we can make it a lot harder to break the computer.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
http://mobile.slashdot.org/story/10/11/14/0115255/Android-Holes-Allow-Secret-Installation-of-Apps , so read that, & tell us another "tall tale" there, symbolset. You make me laugh, you really do. You're such a "Linux zealot" that you can't resist spreading more of your "Pro-*NIX F.U.D." constantly, and yet you don't admit to the fact that exploits such as shown in the URL above exist on Linux and its variants. I'd also like to know an answer to these 2 questions, from you: Does JavaScript run on Linux in the browsers it has? Do those browsers ever get security vulnerabilities as well?? Yes to both, and thus, Linux isn't really all that "secure". It's just less targeted because fewer users use it. Online criminals aren't any different than say, a pickpocket: He doesn't operate where there are only a few possible victims, he operates where the crowds are (e.g.- malls, subway & train stations, etc.), & online??? That's on Windows. "Security-by-Obscurity" is what Linux enjoys in other words. Heh, I recall the MacOS X T.V. ad campaigns trying to imply that "Macs are secure, PCs are not" & once MacOS X got a lot more market share, what happened then???? Malware for MacOS X! So, you can stop trying to be "funny" because the F.U.D. you spread may actually influence others, and wrongly via less than honorable methods.
Ironically, many of the vulnerabilities that Windows has always had - e.g., autorun on CDROMs, running emailed executables, etc. - were only done to keep things simple for naive users. Ultimately, these minor conveniences have encouraged a malware ecosystem that is far more complicated and stressful to these same users than the lack of them would ever have been.
But now there's good money to be made from frightened and confused users, both illegitimately and semi-legitimately. So the unintended consequence of ease-of-use turns out to be convenient for some, but not the novice users for whom it was originally designed.
If it popped up in his taskbar, then it already installed and was running a program (at least under his local account). Let me guess, it mimicked a Java update request?
*ding ding ding* We have a winner! After a bit of trial and error, that's the only thing we could think of. I guess you get so used to seeing it that once you finally get around to updating it, you never really know what's going on "under the hood". That's why I trust... "aptitude safe-upgrade" haha MUCH less painful!!
A)bort, R)etry, I)nfluence with large hammer
I bought some AV software a few years ago when it said I had a virus. Nothing bad happened to my credit card information so no big deal. The problem was a few months later another AV solution popped up and told me that I had a fake AV solution. That company stole from my account after I paid them for their services. I won't use them or recommend them again.
OK, once we managed to implant people everywhere with the analogy between a real organic virus and its now just as common computer counterpart, people realized that it's a scary thing, and Norton Antivirus was born. I think it is time now to implant clueless moms and dads everywhere with a new idea: that buying a new pill you've never seen in your life promising to cure you of a cold will most likely not do the trick. In other words, it's amazing how much people trust computer antivirus programs they have never even heard of before, but go and try to ask your mum to drink a mixture as an "antivirus" to the common cold; she'll dismiss it on the spot. I think it's time we pushed the virus analogy a step deeper: the computer system is your body, would you want to experiment with unknown pills without asking some sort of authority on the subject first?
Many of you are equally foolish by declaring all of the people that get infected with Fake AV consoles to be idiots. While it's true that many people get infected by going places they shouldn't and/or clicking things that they shouldn't, these "viruses" are frequently propagated by SQL injection and CSS (Cross Site Scripting). Sometimes they aren't installed explicitly at all, and just appear on machines. They are a pervasive problem, and one that many AV programs are not adept at dealing with at all. I have found that BitDefender, Kaspersky, and Sophos are about the most reliable at removing them, but none of them are 100% effective at prevention or removal. The biggest issue is education. Social engineering is a very big part of the dissemination of spyware, trojans, and viruses. People need to get educated about these types of threats, and learn to be more wary of where they go. Even careful selection of what websites you browse isn't a surefire bet, as many times CSS attacks aren't immediately noticed, and many rather popular (and generally safe) websites become little more than unwilling dissemination points for these types of threats. I am in charge of the desktop system administrator team at my company, and most of our workers aren't all that knowledgeable when it comes to computers. Many don't have any idea that there are programs out there that masquerade as a helpful program but are really just clever attempts to steal bank and/or credit card information. In my experience, Fake AV consoles are the #1 threat that we face from an AV perspective, encompassing about 90% of our infections. We recently switched from Symantec Endpoint Protection 11.5 (Absolutely worthless, don't ever buy it) to Sophos Endpoint Protection, and our Fake AV infection rates have dropped by nearly 95%. It's that big of a difference. 
That coupled with education on Social Engineering tactics has helped keep our environments much safer, and resulted in a much better overall experience for users. It's easy to bag on the idiots, and there are certainly a lot of them, but you have to remember that a lot of the people did nothing wrong or especially risky, other than trusting that their AV software works as advertised. Sadly, most of the popular AV programs are TERRIBLE at eliminating these threats. AVG, MS Security Essentials, Symantec Endpoint Protection, PC Cillin, HouseCall, etc. have all proven rather unreliable against these types of threats in our enterprise and in my experience troubleshooting user machines privately as well. Ultimately this is very similar to the spread of STDs. The biggest two factors still have by far the largest impact just as they do with the spread of STDs: Education and Prevention. Just my 2 cents.
Assuming you mean Java, and not JavaScript, I have a solution.
Turn off Java in the browser. I've had it off for years ... apparently it has no Earthly use, as my browsing experience is completely unchanged. Banking, whatever ... just works.
Hit the switch, and at least for that particular issue, it's gone. For good.
Ha suckers. I have never had a problem with this. My protection software (Antivirus Pro 2010) catches everything that tries to infect my computer!
Here (in New Zealand), we've been getting a rash of phone callers telling people they're infected and asking for money. In fact my wife got just such a call last week. Fortunately she knows just enough to tell the caller to fsk off. http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10686568 I don't know if that's common in other places. We might just be a gullible bunch.
These kinds of users would probably be fooled by a phish which duplicates the look & feel of their store.
I think that eventually people will end up only doing banking and (to a lesser extent) shopping from "trusted platforms" : either the Apple-walled-garden-style ones, or from a live Linux distro booted from read-only media, set up for no data persistence. (Yes, I know neither of those is totally secure --- nothing is totally secure!)
Interesting that the only walled garden product that I can think of which Microsoft offers is its XBox gaming console. I wonder if people will start to use gaming consoles for this, and if banks will eventually start to offer "banking interface programs" which run on gaming consoles (I can just imagine someone saying "I'm tired of killing cops in GTA --- Time to hit Citibank and go to sleep.". Even funnier is the image of some clueless gamer trying to get "God mode" in his banking application.)
Bear shits in woods. Twice.
So do "legitimate" AV companies create viruses that only their AV is secure against, or haven't they considered that business model yet? Learning can go both ways.
Having worked with virus removal for some time, I am displeased to see people who are in the know about computers calling the average PC user derogatory terms, especially when it comes to intelligence. I look at it this way: I am not a doctor, and I know little to nothing about medicine. Does it make me an idiot because I don't know what a doctor knows? Or when (even legitimate) doctors make a wrong diagnosis, am I an idiot because I don't pick up on it? It just seems unfair to blame the user for the actions of those who prey on them. I know a fair amount about technology, but my grandfather is altogether clueless and has fallen victim to these online scams, and why wouldn't he? For all he knows of the internet and computers, these applications are legit, until I educated him otherwise. Now, though, the game has changed: it used to be an anonymous application that was the problem, but now you have help desk clients like iYogi which claim to be affiliated with major OEM vendors. They charge you for service, generally a fraction of the OEM cost, and if anything goes wrong and you request a refund they send you back to the OEM, who obviously will not refund the victim the cost of the service.
When you dislike the human race as much as I do, Karma:Bad is inevitable lol.
I posted an article last spring on how to fix Windows viruses using Unix, and responders contributed information, creating a very useful guide to securing Windows operating systems in the most unlikely of places: a Linux forum. Details: http://virus.gregrank.us/ will redirect you to the article mentioned above. I have built my Windows desktop AV standards around the ideas obtained from responders (with great success).