Web-Users Fall For Fake Anti-Virus Scams
jhernik writes "Fearing their computers may be prone to viruses, many web-users download fake anti-virus software, only to find later that their bank details have been hacked. According to the latest research by GetSafeOnline.org, the UK's national internet security initiative, a rising number of organised criminal gangs are tricking security-conscious internet-users into purchasing anti-virus software to access their bank details. Posing as legitimate IT helpdesks, these fraudsters target internet users concerned about protecting their computers. By offering free virus checks, they normally tell consumers that their machines are infected and offer fake security software protection – usually costing around £30 – which is actually malicious software in disguise." The fact that there is such a thriving market for fake AV scams really says something about the present state of the legitimate AV market.
Most computer users are simply naive; some are downright stupid. This should be tagged: !news.
The thriving market for fake AV scams simply means people are too cheap to pay full price for a commercial AV scanner, or too stupid to find a legit free one. Computers are appliances to 90% of the world's population, and no other appliance requires expensive upgrades to determine if it's being misused. Even without a car alarm, you'll notice if your car isn't where you parked it, but most infected computers don't advertise as such. People know they need an AV scanner, and hey, the computer just offered them one, "Score! No need to go shopping for one!" All viruses (that aren't autonomous worms) spread based on misplaced trust or greed, and getting a cheap AV scanner appeals to both instincts.
$_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
Nerds of the world, it is time to unite around a new cause. It is time to write, and release, a new virus that relies on a series of incredibly stupid attack vectors - the kinds of attack vectors that only a clueless dipshit would actually fall for. The virus has only one simple payload: it uninstalls all network drivers on the machine.
After several trips to get their machine "repaired," these folks will either wise up, or give up.
Who wants to join the crusade?
If libertarians are so opposed to effective government, why don't they all move to Somalia?
Seriously. This has been going on for YEARS. Why is this being posted here?
I've had to clear a few of these off co-workers' machines this year. Running Windows 7 with the latest security patches and legitimate protection software installed, and people still get infected with this crap, so it's the users installing it and not just holes in the system being exploited. The last one I removed actually replaced the Windows shell on startup with itself, disabling web browsers, regedit, and other key system software. I felt like going on a shooting spree.
cue /. superiority complex... Seriously, rather than tag as !news or PEBKAC, how about some intelligent discussion about either educating the general public or another more intelligent solution?
If "security-conscious internet-users" are falling for this, are they really security-conscious? For quite a few years now, Geek Squad's (and any other PC repair company's) prime customers are people who fall for these types of scams. This is nothing new, except to the writer of this article.
So? Does the fact that the user made a mistake mean that this is not a problem worthy of attention? We need to find ways to make it easier to distinguish spyware that steals your personal information for criminal gangs from the legitimate software that steals your personal information for big businesses.
Fake AV scams say a lot more about the present state of the market economy and human psychology in general. Attempted fraud is essential if you desire infinite growth through consumer debt. A game of cat and mouse, like many things in nature.
For justice, we must go to Don Corleone
You gotta give it to companies like McAfee, Symantec, etc... they know how to scare people into handing over money so they are "protected". It was only a matter of time before people started to copy their methods.
At the end of the day, the computer obeys what you tell it to do. If you tell it to do stupid shit, it's going to do stupid shit.
The fix for this problem is not technical, it is social.
This article really was an eye opener!
Who would have thought that a large percentage of windows users are not technically inclined and easily tricked by scary looking windows!
Rumour has it that scissors can be fairly sharp, and fire is damn hot sometimes.
Also.. _really_ old news. This scam has been around for at least a decade. It followed closely on the success of the "YOU HAvE ONE URGENT MESSAGE" banner ad.
Not only is there already such a virus, the PC usually comes with it preinstalled.
Help stamp out iliturcy.
It's already pretty damn easy to identify fake AV software. Just follow this simple flowchart:
Is it advertised through a popup or an unsolicited email? > Yes > It's a scam!
Simple! This works for all products, not just fake AV.
Windows malware is getting insane... I don't run as admin *ever* and I don't use IE so I keep pretty clean but some *really* nasty stuff has gotten through. People love to say PEBKAC and all but with some of these programs, I wouldn't be surprised if a seasoned computer person got fooled let alone a casual user. The last one I had faked a freaking bluescreen pretty convincingly, even...
check out the Mp3 Garbler I built!
The problem with that is, all the ways to do this are probably _really_ bad.
I know! How about we designate Microsoft, erm I mean some independent authority, to decide what software is safe, and have some hardware built into all PC motherboards that verifies a piece of software has been signed before letting it run!
The _real_ problem with the trusted computing solution is that it sounds good.. which creates that deep-seated fear that it might one day become a reality :(
Pre-emptive response to: "well.. it could be opt-in.. this would let people who want to run unsigned software like.. Linux.. do so at their own risk:"
It wouldn't be opt-in for long. Every justification from prevention of crime to prevention of spam would be used, and combined with a good amount of lobbying, would eventually make it mandatory.
“There's a sucker born every minute”
Sorry, but this will NEVER go away. It's not new, it's been around for 80,000 years.
A news flash that people are easily suckered is not news to anyone.
Do not look at laser with remaining good eye.
Simple. Make javascript illegal. That'll slow those criminals down.
Colour me surprised.
I recently had to install Windows 7 at home, and decided to put Norton AV on my machine. I boot up on Windows roughly once every couple of weeks to run a specific application. So I notice Norton AV popping up loads of windows, running its intrusive update process and bombarding me with scary looking crap prompting me to read about the "latest security threats from cyber-criminals". Hair-raising stuff, especially if you're not a computer specialist.
I'm an IT professional, and _I_ find this behaviour sleazy, unethical, annoying and slightly alarming. This is a product I paid GOOD MONEY FOR. I'm PAYING to be bullied, essentially.
So I can just imagine the average user being bullied and terrified by this crap... which is not only enriching the AV vendors, but also making regular folk like lambs to the slaughter for the forces of evil out there.
I'd say that the consumer, criminals and the AV companies are really inhabitants of one ecosystem: prey, parasites and predators respectively.
The people who really worry me are not the clueless dipshits, but the 50+ crowd who have never really used computers before, and through newly-acquired secondhand knowledge, now know just enough to be dangerous. I think they're probably the ones mostly in danger of falling for these scams. We need to keep our parents and grandparents educated and tell them just because a page shows up first in their Google search doesn't mean it's necessarily what they're looking for.
It's the same old problem and the same solution which rise every time an issue like that appears. Someone will always be able to fool the users as long as their systems are insecure.
When javascript is outlawed, only outlaws will use javascript.
From what I can see, working at a helpdesk with a userbase of ~30000, these are on the rise again, and in the last 2 months, I've had several infections which failed to be picked up by MSE, Avast, Spybot and Sophos. This year I've had at least 1-3 infected machines a day, 5 days a week, and 90% have been the fake-AV variety. They are also getting more sophisticated recently, doing more and more damage, creating local proxies, adding in rootkits, hiding in system files (instead of user profiles). So while fake AVs are old news, they are the malware of choice at the moment, and their visibility means a larger number are detected (unlike traditional malware, which Jo Bloggs fails to notice).
I love the fact that they actually get the people to PAY to infect their own computer. That's simply brilliant.
... about 4 times in the last month, someone calls us (UK) from an international number saying the computer has a virus.
The summary doesn't give much weight to it, but that's the newer news here, that there are call centres set up just to do this...
When javascript is outlawed, it won't be running in your browser so the outlaws using it can't do anything.
I'm sorry, I think you're confusing teh interwebs with Chicago...
To be fair, it's not exactly easy to find a legit free AV programme. Downloading my poison of choice, AVG, for example, requires you to navigate through the website, locate the tiny "free version" link on a series of pages, and wind through and around a whole lot of annoying screens designed to baffle/frustrate/bully you into buying a pay version.
And worse, you then have to go through this whole process again every six months when they release a new version that isn't covered by the auto updater.
I definitely consider the behaviour of companies like AVG to be partially responsible for people getting confused, frustrated, and resorting to less legitimate means.
I think my dad fell for something like this. As far as I can ascertain, he searched for Malwarebytes, and whatever page he got to, the most conspicuous "download" link was to the scam product. So really, I can't blame him for being fooled.
The software identified some issues, but said there were more, that it would charge him for removing. Some time later, he received a phone call about it. I don't know how they got his phone number, but we do have an unusual surname.
This is the reason I clicked on the story at all. Just two weeks ago, my mother (59) called in a panic about over 300 viruses that some program found, and was about to click on the "run this executable" popup that IE gave her (my father won't let her run Firefox? Not that FF is likely to have stopped this*) when she thought to call someone. She tried to get a hold of my father, but he wasn't available, so she called me. I told her it was a scam, and to abort immediately. Not knowing really what else to do, I asked her to ensure her legitimate virus scanner was run that very night just to be sure. I think the trouble was averted, but only barely. It's an effective social hack. The question that makes it worth discussing is what, if anything, can we do technically to stop these hacks, and, in the meantime, what can we do socially to educate?
(*) I've seen the scam on Firefox, too, although that was years ago. FF may be blocking it since, I guess I don't know. But I found it funny because, of course, it looked like a bunch of Windows windows, which looked really out of place on my KDE/Linux desktop. And I knew that even if I did download it, it would be unlikely to be able to do anything (not that I did download it).
And that's why the iPad is a wonderful device. Good enough to let people get on the Web, do email, instant messaging, some games. But it's not a regular computer where you can install new drivers, etc. The so-called "average users" are the target market.
Someone will always be able to fool the users.
You're correct up to this point. Even with a mandatory hardware-based trusted computing platform, there will still be users out there being tricked into entering their banking details into a strange website (or even over the phone).
This is why I use gopher.
Agreed, this is not news for nerds; it's news for end users.
The question that makes it worth discussing is what, if anything, can we do technically to stop these hacks, and, in the meantime, what can we do socially to educate?
I think we need to show them we care by walking them through the tasks they perform day-to-day. For example, checking their email. Show them examples of what to watch out for and what file types can possibly contain viruses. For web searching, show them an example of an SEO bomb. If they have Facebook, show them examples of what to watch for in terms of malicious apps and such. And most of all...tell them to call us if they see something suspicious. And yes, though anti-virus is 99% smoke and mirrors, it's nice to have one last layer of defense in case they are tricked.
Oh, and tell them not to bank online. It's way too important to know what to look for, and if you don't, you have a much higher probability of getting owned. Nobody's going to click on their online banking notifications if they don't bank online in the first place.
Really? I thought the problem was the virus-writers and the scammers. "PEBKAC" here is blaming the victim who was innocent enough to trust.
Don't forget to blame the next car-jacking victim who pulls over to help out someone who, on the outside, seems to have broken down.
(..) how about some intelligent discussion about either educating the general public or another more intelligent solution?
History has shown that educating the public has little effect, if any. Therefore I conclude that if at any time a regular user has to make a decision about whether some software can be trusted, the method is flawed. Regardless of whether the user would make the right choice or not. If a trust issue can't be decided automatically, software should be regarded as harmful & unsafe to run, period.
So any intelligent solution should focus on reliable ways to tell apart software from trusted sources (for example by using a community-maintained list of trusted vendors, and cryptography to verify downloads are genuine from one in that list), and limiting what software (trusted & untrusted) can do. Like: by default, very, very limited access rights to things like networking, persistent storage or user data, unless given more rights by an administrator. For anyone that says it would cause too many warnings etc: can you explain why a random game / app / desktop widget that a user runs would need access to all user files? No idea? Yet strangely that's normally the case - sounds like a design error to me. Another example: when a user selects a file to open, there's nothing stopping an app from discarding that selection & opening some other file instead (or opening a 2nd file behind the user's back). Another design error, if you ask me - if there's an open file dialog, the app's file access should automatically be limited (by the OS) to the user-selected file. There are many more examples like this.
These people are not the problem, the idea of giving such people full access to a full blown computer connected to a public network and running a fully fledged os designed to make such things trivial is the problem...
You don't let people drive cars, fly aircraft or do various other things unless they have received proper training, and using a computer should be no different. Such users don't need a full blown computer, they need a simplified appliance that is controlled by someone else (who knows what they're doing)... This is part of the appeal of apple's walled garden.
My grandparents have a linux box, it runs the apps they want (browser, manage photos and videos, im client, email client, music and video player) and if they want anything else they can acquire it from the ubuntu repository... They can install apps from the repositories, but can't add new repositories or execute anything they might download by hand. I configured the system and provide support and maintenance if necessary, so far it hasn't been. If they received a notice telling them their machine had malware installed and asked them to input card details, the first thing they would do is call me.
For people without technically literate grandkids, there should be paid services like this.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I completely agree.... However I get these from Symantec, McAfee and other "good" vendors. Not that this discounts your theory about it being a scam, it's just not a flat out 100% scam, only a partial scam.
That's one more reason I love Microsoft... They provide me with FREE antivirus software from a trusted source!
Those fuckers are getting REALLY crafty! Case in point... As a software developer and PC repair tech, I've seen a lot of BS from both ends of the spectrum but nothing prepared me for a "virus" that was found on a buddy's PC a few weeks ago. We were sitting around coding our Quake III mod and the small "update shield" popped up in the taskbar. The bubble popped up and said that updates were available and he needed to install them... so he did. Bad choice, my friend! A few minutes later an "Avast" bubble pops up and says that a threat has been detected. He clicked the button to stop and within a few seconds, the PC shut down. Once he managed to reboot, there were at least 10-15 Firefox windows open (ads), numerous [fake] Avast bubbles, another update shield and a shitload of warnings and error messages. He got duped. They're getting good! Thank god I run Linux for nearly everything these days!
A)bort, R)etry, I)nfluence with large hammer
Yes, for now it's good enough. But the exploits are already coming around for iOS and Android. I'm afraid given a year or two they'll be just as dangerous...and the clueless will become even more clueless as a result.
However, she is on a Mac, so I *presume* she is safe, except for her credit card number, which she did enter in order to buy the software. I told her to cancel her credit card and she did that and they issued her a new one. It is correct that she has no worries from the downloaded software, right? These things are always Windows-only, right? Just want to make absolutely sure. Or is there some way for them to hack her account given that she provided a credit card, and probably address and such?
--- What?
The walled garden approach (eg apple) works well for average users...
Linux distros with trusted repositories are a good idea too, the average user still receives the protection of getting all their software from a known trusted source while advanced users still have the flexibility available.
End users should not have root or equivalent access, they should only be able to install software from trusted sources and should defer to a third party (either someone they know, or a paid service etc) for anything more advanced.
Not looking to cause a flame war but the answer is a Mac. The security on it makes sense and most of this malware just won't run (because it's for Windows), and the stuff that could can't run by itself. You actually would have to install it and enter your password for it to work.
As someone who has switched their parents to a mac I can tell you that its much easier to support as well. And they can call apple support and get helped through lots of issues.
For the trolls:
*Please note, I have indicated that Macs are good for this purpose, I didn't say that it was the be-all-end-all better than anything else solution. Above all I am not suggesting that you stop using whatever you are using.
~Petaris "The world is open. Are you?"
Fake AV has been around for a long time. My father fell for one of those "your system is infected" ads 5+ years ago, and I had to spend an afternoon cleaning out the crapware he bought and installed when he clicked through. Fortunately all he was out was the $40 or so for the "product"; we scanned his system with some real AV and anti-malware/spyware products to remove all the junk that piggybacked its way in, and nothing more ever came of it.
It's a good idea, but only when combined with competition...
Putting everything in the hands of microsoft would be an absolutely terrible idea, but having multiple locked down devices catering to average users would be far better, and then you could still have other providers producing equipment for the geek niche market....
Look at android for a good example, the average consumer buys a locked down phone while people who understand and can take advantage of a rooted android device can either buy handsets like the nexus one or jump through hoops to unlock other devices. There are a whole host of devices available so you aren't forced to place your trust in a particular vendor.
Having a general awareness of the threats represented by viruses is a requisite for vulnerability to the scam, while someone completely ignorant of computer threats wouldn't be susceptible.
The pop up comes up and the completely ignorant doesn't click on "Install" because he doesn't have an awareness of the threat, so he clicks on "No thanks." Too bad that ALSO INFECTS HIS MACHINE.
The ones I've seen install on any client click. Only hard powering (hold the power button for 10 seconds) will prevent infection at this point, so the completely ignorant are NOT going to be safe.
The over fifties have lived long enough to have at least some chance of having acquired some wisdom about trust and overconfidence. They also sometimes know a hell of a lot more than you give them credit for and are often willing to listen to reason. More dangerous are the twenty-something know-it-alls who are utterly confident of their own abilities because, after all, they "grew up in the digital age" (that is, they were taught how to misuse Excel in school and have had a cellphone since they were four).
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Firefox can get them. I had a user get hit with this about a month ago. Luckily I had gone over fake anti-virus with them during in-service so they knew what they were looking at. They called me because even if they quit Firefox, the next time they ran it the fake AV came up again. Clearing the cache and resetting the home page was the fix.
So yes, it can still happen unfortunately.
/to you and bert64:
I really think what you're doing is good, with one exception...if your parents are only using their computers at home, then that's fine, but what if they need it at work, or if they for whatever reason need to use a public terminal? They are going to have to possess some capability to use the Windows operating system safely. I'd much rather take the time to show them how to use their computer effectively in a way that may apply to other situations rather than just when they happen to be sitting down at their desk.
I've seen the same popup on Ubuntu.
Now, hah ha, I'm such an awesome user because I use Linux, but seriously, the thing we have to remember is these popups look good. Not "huh, 1997 emailed and said they wanted their msgbox back" but "holy shit Windows is flipping the fuck out! ...wait, I'm not running Windows on this box. What the fuck is going on here?" If you haven't seen it, it's an awesome piece of chicanery that uses the open / save API to read your files -- I shit you not, even on Ubuntu since it only requires read access -- and tells you that your own files are at risk. Compound this with the McAfee Heel: most OTS boxes come with McAfee installed at least as a demo. The bad guys know this and know that they can dupe the users, or at least enough of the users to make some serious bank.
Personally, I would pocket the 30 Euro and call it a day, since its not a crime to write shitty software.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
If you have a lot of files ending on ".dll", chances are pretty high that you have software on your system that might be harmful.
Yeah, the scams have gotten pretty sophisticated. I guess "you're infected yo!" dialogs don't cut it any more, which may actually show that there's hope after all.
The sad thing is, this is really the best payload you can hope for.. because it's obvious!
You know you've been infected and can re-install (or try to fix if you enjoy pain).
The ones that scare me are those that are less obvious. Say if instead of turning his desktop into a billboard, the virus simply dropped in a trojan. You're now part of your favorite botnet with probably no clue you've been infected.
I think it's the tweens & teens who are the biggest problem. They appear not to give a fuck at all. When asked why they install and run every single facebook app on the planet, and why they need so many idiotic cursors and smileys, the response generally goes something like "check it out, it's so cool though. What's the problem?"
Or even better: my father (65+ and founder of a medium-sized business) took his new MacBook to the office and showed it to the IT guy: "Hey, look how safe this thing is: and it even works with the printer without installing anything...".
Now 4 years later there is no sight of Windows...
Again, this is of course only applicable to this situation. Stick to Windows in your environment if it works of course!
For your parents, during your next visit, theme Firefox to look like IE, move bookmarks over, and then replace the IE icon on the desktop, start menu, etc. with new links that all point to Firefox. They probably won't be able to tell the difference, and then you can use a popup blocker.
IE 8 isn't too bad, if they won't go for the previous suggestion. IE 8 at least has popup blockers. I have to keep IE 8 around at work, as Chrome lacks certain features, and renders some websites unusable (damn IE-only sites).
(Before I get flamed: Chrome lacks basic features like the ability to add margins to printed pages. It is tough to print some pages (like UPS labels) if you can't push the margins correctly.)
i thought once I was found, but it was only a dream.
At least you can throw parental controls at that problem. 50+ers need unfettered access to the internet if they want to get anything done.
Maybe he searched for "Malware" and found what he was looking for...
Brain surgery - it's not rocket science!
Dumbasses world wide have been tricked into clicking malware! And--AND HERE IS THE MOST FASCINATING PART--the malware peddlers lie to the users, telling them that they are going to scan for viruses!
Lavasoft has published a list of rogues that might be helpful when people see scareware. But, I guess, the only problem is making people look at this list before they buy security software:
http://www.lavasoft.com/mylavasoft/rogues/latest
As opposed to the teenage dipshits who are attacked by glittery "plugins" for their MySpace page. Most people are completely clueless about how they get attacked - It's got nothing to do with age at all.
Um, yeah, the big difference between surfing the internet and driving on the interstate is that nobody dies when the computer crashes.
My father-in-law is a fifty something and he's utterly retarded when it comes to computers. He's fallen for this crap before, which is why I got his family to throw in for a Mac MIni last Christmas. Now, instead of him calling for help when some virus wrecks his shit, he calls for help with burning a CD from iTunes. I'll take the latter, thanks.
Then again, the guy is pretty dumb all around, not just with computers...
That's a slightly different problem. A quick Google search for "Malwarebytes" shows legitimate results for at least the first 3 pages (I can't even find download links on any of those pages for scam products... though Adblock Plus may be interfering slightly). The problem I've seen with quite a few of the recent viruses is that they redirect all the pages you can download Malwarebytes from (and other legitimate anti-virus product pages) to fake pages offering an anti-virus scam. I can't really blame somebody for being fooled by that despite the URL change and the fact that the page is for a completely different product than the link, but that is still less than the average user will recognize. Regardless, if the Malwarebytes pages are showing scam products it probably means the computer is already compromised.
Ah, but you forget - to others, who have more power and wealth, _you_ may be considered an "end user".
FC Closer
For your parents, during your next visit, theme firefox to look like IE, move bookmarks over, and then replace the IE icon on the desktop, start menu, etc with new links that all point to firefox. they probably won't be able to tell the difference
And this is the difference between a geek and an insufferable dick. Respect.
So, you're going to train everyone, every time a new attack vector/ad/clickbomb comes around?
Rather than tell them not to bank online (Are you fucking kidding me?!?!), try telling them if they want to be secure and not have their bank info stolen/cleaned out, then don't use Windows/IE. Since that is what EVERY scam uses. You can argue that using other platforms will have this eventually, but no others do right now. You can argue that Windows is more secure than others, but no other OSes have this scam. You can argue that Windows is more common/well known/familiar, BUT NO OTHER OS HAS THESE SCAMS.
A car analogy: If the Crown Vic was a horribly unreliable car and could kill them if they used the turn signal wrong, you'd never let them buy it. Why would you let them get robbed by using Windows/IE?
There are two types of people in the world: Those who crave closure
For a new/elderly user, I submit to you that the correct answer is that they should not use a public terminal. That's just asking for trouble for even the most experienced of users.
Actually, I'm not so sure it's always an issue of users installing this stuff voluntarily?
The "Vundo" trojan is supposedly a leading cause of automated installations of the annoying "AntiVirus 2009/2010" fake AV packages and other garbage.
(See: http://en.wikipedia.org/wiki/Vundo)
I recently cleaned this off of a PC for a client of mine, and in their case, the original trojan horse files were found embedded in the compressed Java runtime files. So at least some of this stuff may be coming from "drive by infections" that take advantage of security flaws in older versions of the Sun JRE. Once the trojan is implanted in the JRE, it proceeds to auto download and install this other stuff.
I'm sorry, I thought we were joking around. Are you actually suggesting we outlaw javascript?
This is I think the whole "browser as an application platform" thing we've had going for the last few years.
I know, I know, we need advances and you web programmer types can do some great things with your languages these days. But it's no longer just a browser at that point, is it? And when it gets to interact with the OS on various levels, and when there are holes (which there always are) bad things happen. The fact that web-apps and their multitude of up-popping windows can and do frequently look the same as messages from the OS is probably not a very good thing. I know, we can't stop people faking it with images, but IMHO some sort of inbuilt restrictions on the appearance of web-originating content vs local programs would be a good thing.
Malware developers are getting increasingly clever in the social engineering techniques they use to get people to install their crap. Even people who are fairly competent can be tricked. Browser makers need to realise that there's far more they could do to prevent these kinds of social engineering tricks: 1: Make it clear what a confirm() (or the equivalent in other languages) box is trying to do. Is it trying to prevent you from leaving a page? Will it redirect you? Is clicking OK the safest thing to do? Clicking cancel? No? Close window? They implemented something like this for a window.unload triggered confirm, but it doesn't inform the user what they need to click to leave the page safely.
2: Don't make update notifications spoofable! Look at things like Sitekey for examples. Inform the users that update windows will always contain a phrase/image that can't be obtained by malware authors on uncompromised machines so users will know something is fake.
3: Implement a halt all button. A single button that will disable all javascript (even if there's an alert box displaying) and forcefully halt and close every active plugin. All too often something will be caught by an antivirus but the script behind it keeps running and compromises the system anyway.
They've already had a year or two.
iOS is 3+ years old (June 2007). It's had an SDK for 2.5 years (Mar 2008)
Android is 1.5 years old (April 2009). It's had an SDK for 1+ year (Sept 2009)
Why do they need another year or two? Or are you just spewing made up BS?
There are two types of people in the world: Those who crave closure
You don't want that. Having "licenses" to surf the Internet means it is easier to have people's access pulled if they are suspected of a copyright/trademark/patent violation. It makes it easier to yank access to people or even whole groups, then answer questions later.
Instead, operating systems should primarily install software from repositories. Web browsers should never be the interface where users download programs. Instead, they should be pointed to the application on a known good repository (if on a UNIX), or a store (if on Mac/Windows), and download/install it from that. This way, if someone is asked to install some dubious antivirus, it won't be present on a store (either not approved, or the store admins would have pulled it), as opposed to getting binaries from anywhere there is a website.
Of course, this doesn't mean locking things down where the only way to get things is from a store or repository. However, having this be the default will make getting stung by drive-by malware a lot harder.
Not only is there already such a virus, the PC usually comes with it preinstalled.
Let me guess ... You are referring to Norton 360 or McAfee?
Flappinbooger isn't my real name
I wish I had them.
Sorry, but a lot of folks are wilfully ignorant of computers and others are just incapable of learning about them properly.
I don't blame the incapable ones, they should be guided to a safer net experience on a Mac or something, where it's hard to screw up. The wilfully ignorant should be beaten in the streets!
I think windows was what he meant
They've invented a new system.
1. Write program to steal information.
2. ????
3. Profit!
4. Steal card information with said program.
5. ????
6. PROFIT AGAIN!
Well, you can surely guess what could happen to some people when their bank account details are stolen by scammers like those FakeAV publishers, and the bank puts the account on hold or closes it because of the debt. Not everyone has a good enough insurance to cover this and all the nasty "collateral damage".
Jicehix
You buy your AV CD from Best Buy or Future Shop or CompUSA, etc... not off the web where someone could be a man in the middle sending you anything. If there is any application for which you MUST enforce actual hard-coded data (on a disk), that would be AV CDs.
I actually even heard of someone securing their linux distro by burning certain partitions of the system to cd, and keeping that cd in the cd rom, that way they could never be rootkitted.
It isn't always that easy. Look up "Think Point".
I was using Google image search (looking at farm machinery). Clicking on an image (from Google) my machine (Win 7, MSE running, firewalled) paused and then Firefox disappeared. I was left with what appeared to be the Microsoft Security Essentials screen, stating the site had a trojan and it needed to look up the solution.
A second later the MSE screen says it found the solution and click next to clean the system. At that point I became skeptical. Using Task Manager I found it wasn't MSE and killed the process generating the fake (but realistic) screen. Found the .exe files that were already downloaded and set to run on the next boot. Deleted new registry entries. Shortcuts in the start menu and taskbar.
So, having done nothing but navigate to a page through Google - using Firefox - I already had .exe downloaded and registry changes. Neither Firefox nor Google had it flagged as an attack site. Where did that vulnerability come from... Flash, Media Player ? I don't know. The point being that it isn't always that simple anymore. And I would not expect the average user to drop to the Task Manager and find it in progress.
If you're going to reply about using Linux, save it. I've run plenty of *nix systems where I can. But in the real world a lot of business simply must be done using Windows.
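The persistence the poster above found by hand (a downloaded .exe set to run at next boot, new registry entries, new Start menu shortcuts) can be audited with a script. This is an added example, not code from the thread or from any product it mentions; it only reads the Run/RunOnce keys and the Startup folders and flags entries whose executable lives in a user-writable directory, on the reasoning that a real security product installs under Program Files while a drive-by download has to land somewhere the browser can write. The key list and the "user-writable" directory list are my own assumptions:

```powershell
# Added example (not from the thread). Read-only audit of common autostart
# locations; flags executables that live in user-writable directories.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Directories an ordinary user (and therefore a drive-by download) can write to.
# This list is an assumption; extend it for your environment.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE, $env:PUBLIC) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Get-ExecutablePath {
    param([string]$Command)
    # Extract the program from a command line: a quoted path, else the first token ending in .exe,
    # else the first whitespace-delimited token.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+?\.exe)') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

function Test-UserWritable {
    param([string]$Path)
    $p = [Environment]::ExpandEnvironmentVariables($Path).ToLowerInvariant()
    foreach ($dir in $userWritable) {
        if ($p.StartsWith($dir + '\')) { return $true }
    }
    return $false
}

function Test-FileExists {
    param([string]$Path)
    # Test-Path throws on an empty string, so guard it; bare names like "rundll32.exe"
    # resolve to $false here and deserve a manual look anyway.
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    return Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($Path)) -PathType Leaf
}

$findings = @()

# 1. Registry Run / RunOnce values
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider metadata
        $exe = Get-ExecutablePath ([string]$prop.Value)
        $findings += [pscustomobject]@{
            Source     = $key
            Name       = $prop.Name
            Executable = $exe
            Exists     = Test-FileExists $exe
            Suspicious = Test-UserWritable $exe
        }
    }
}

# 2. Startup folder entries (resolve .lnk targets through the shell COM object)
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($item in Get-ChildItem -LiteralPath $dir -File) {
        $target = $item.FullName
        if ($item.Extension -ieq '.lnk') {
            $target = $shell.CreateShortcut($item.FullName).TargetPath
        }
        $findings += [pscustomobject]@{
            Source     = $dir
            Name       = $item.Name
            Executable = $target
            Exists     = Test-FileExists $target
            Suspicious = Test-UserWritable $target
        }
    }
}

# Flagged entries first. The script changes nothing; review flagged rows by hand.
$findings | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys and the all-users Startup folder are readable. A Suspicious row is a lead, not a verdict: some legitimate per-user installers also live under AppData, so compare the executable against what you expect on the machine before removing anything.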
So, are you claiming that the IT guy didn't know that Macs existed? In 2006? Really? I'm not sure your story says what you think it does. Because the only logical take away from it would be that the IT guy got fired.
Quis custodiet ipsos custodes?
We all want to take root away from Joe Sixpack whose machine pollutes our corner of the Internet with botnets because he cannot be separated from his nudie pics, so he installs any and all "codecs" and "viewers" imaginable.
However, someone has to have admin authority. Do we trust Apple and Microsoft 100% with it? Do we trust the cellular carriers or the phone makers 100% never to do anything like pushing out code behind our backs, or removing features to charge for them?
This can't be answered in black or white. Probably the best system is shipping the machine locked down, with a way to unlock it for people with a clue. However, how high this speedbump needs to be to keep Joe Sixpack in the walled garden can be debated. Some would say that a warning dialog after entering a command at a command prompt is enough. Others think a physical switch that allows developers to write on ChromeOS hardware is good. Still others think that doing the OLTP method and having users register with the distributer for an override key is the best. Of course, there are those who believe no user ever should have root/admin in any way, shape or form; and just sit down, shut up, buy, and obey.
Not only is there already such a virus, the PC usually comes with it preinstalled.
Let me guess ... You are referring to Norton 360 or McAfee?
I think windows was what he meant
Awwww... come on, windows pc will usually get on the internet properly at least when first set up, and I've seen norton a/v immediately break the networking on a perfectly working windows pc - more than once.
However, I do see your point windows was probably what he meant.
Flappinbooger isn't my real name
if they want to be secure and not have their bank info stolen/cleaned out, then don't use Windows/IE. Since that is what EVERY scam uses.
Seems to me that if a phish arrives at my email account, and I open it up using the default email client, and I click the http link that says "your banking details need to be updated", and I fill in all my personal financial information in the resulting web page ... I'm equally boned whether I'm using Windows, MacOS, or Linux.
Same goes for when a former Nigerian oil minister contacts me to assist with a large funds transfer. Some goes for any number of other social engineering scams that don't rely on any specific technology platform.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
My mother kept receiving calls from some company claiming to be IT support and trying to get her to visit a website to update her machine as their records showed it being infected. She always says that my son deals with that sort of thing and she will just not switch the computer on until I have checked it. One day they called while I was there so I spoke to them; they always mumbled the name of the company. I asked them for their company registration number as I needed to check they were a legitimate company. They tried to get me to visit their website where I could see that they were legitimate; eventually they gave me a number which was about 12 digits too long for a company registration number. I told them I couldn't find anything about them at Companies House and eventually they gave up.
Not looking to cause a flame war, but the answer is a Mac. The security on it makes sense and most of this malware just won't run (because it's for Windows), and the stuff that could can't run by itself. You actually would have to install it and enter your password for it to work.
As someone who has switched their parents to a Mac I can tell you that it's much easier to support as well. And they can call Apple support and get helped through lots of issues.
For the trolls: *Please note, I have indicated that Macs are good for this purpose; I didn't say that it was the be-all-end-all better-than-anything-else solution. Above all I am not suggesting that you stop using whatever you are using.
This article is talking about malware that is installed by the user, so the Mac is no help there. They are talking about situations where the malware writers have even set up helpdesks to help the users install the malware.
Macs are perfectly fine computers. Overrated, but perfectly fine. They are not any better at solving this particular problem than any other computer that has ever been on the market.
When I was working for Siemens, we had to use IE6, which is a major PITA as you can imagine. So I got and themed Firefox mobile. No one spotted the difference while I was working there.
Yet as parents go, I still prefer installing Linux and explaining the basics to them. And no, it's not harder for them either to install (I do it anyway, no matter the OS) or to use (web pages here, chat there, photos in this folder). Should problems occur, I've set up reverse SSH with VNC port forwarding -- I live in a different country so that's an important thing for me.
As for threats like these -- I don't think we'll see something similar for Linux for the next years to come. Be it because of small market share as some people claim -- I don't care. Here and now my parents are safe and I don't see the situation changing soon. In fact, Linux has been participating in the arms race for a long time -- there is simply no sword to hit its ever-improving shield.
All kidding aside, a lot of web based malware does do an incredibly good job of mimicking windows file manager and/or windows pop-ups. It's not fair to say a user is a lamer because they clicked something - especially when pop-ups are so frigging commonplace in desktop environments.
EULAs, errors, inane install programs, they all want the user to read and click 10 times and it's friggin annoying. People just click to make it go away and don't even bother to read it. Half the time the dialogs are undecipherable ('blah caused a general protection fault', etc); this means nothing to the average user except maybe 'I hurled so restart something'.
If you want to crusade against something, blame Microsoft. They are the ones allowing malware to propagate so readily; they could stop it if they wanted to but they don't.
boycott slashdot February 10th - 17th check out: altSlashdot.org
I think that article might be scareware... they're just trying to make us click on the 'GetSafeOnline' link.
Okay, so we get somebody's computer to fix, and after we salvage the data as best we can, why don't we:
1. Either by slipstream or by AutoPatcher make sure the system is up to date as of this date, disable MSIE and install Adblock with a good patterns subscription
2. Install Firefox
3. Install all of the stuff that will get installed (Flash, a proper Java, Acrobat Reader, etc.) with the correct settings (to avoid some of the drive-by-ware problems)
4. Install some sort of free antivirus and then set it to autoupdate SILENTLY
5. Also install a few FLOSS programs that would work for that user
In short, we can not "fix stupid" but we can make it a lot harder to break the computer.
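Once a machine has been through a checklist like the one above, the end state can be verified rather than assumed. This is an added example, not code from the thread or from any product it names; it reads the automatic-update setting, asks Windows Security Center which antivirus products are registered and whether they report as enabled and current, and lists the installed versions of Firefox and of the plugins that drive-by kits target (Java, Flash, Adobe Reader) so they can be compared against the vendors' current releases by hand. The registry paths and the SecurityCenter2 class are standard on Vista-and-later client Windows; the product-name patterns and the bit decoding of productState are my own assumptions:

```powershell
# Added example (not from the thread). Read-only check of the state the cleanup
# checklist is aiming for: automatic updates, a live AV, and plugin versions.

function Get-AutoUpdateSetting {
    # AUOptions 4 = download and install automatically. A Group Policy value
    # overrides the per-machine value, so the policy key is checked first.
    $policy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $machine = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    foreach ($key in @($policy, $machine)) {
        if (Test-Path $key) {
            $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AUOptions
            if ($null -ne $v) { return [int]$v }
        }
    }
    return $null   # nothing configured at all
}

function Get-RegisteredAntivirus {
    # Every AV that registered with Security Center (root/SecurityCenter2, Vista+).
    # productState is decoded here the way most admin scripts do (assumption):
    # bit 0x1000 set = product enabled, bit 0x10 set = definitions out of date.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            $state = [int]$_.productState
            [pscustomobject]@{
                Name      = $_.displayName
                Enabled   = (($state -band 0x1000) -ne 0)
                OutOfDate = (($state -band 0x10) -ne 0)
                Timestamp = $_.timestamp
            }
        }
}

function Get-InstalledSoftware {
    param([string[]]$NamePatterns)
    # Uninstall entries for 64-bit, 32-bit and per-user installs, filtered by display name.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Where-Object {
            $name = $_.DisplayName
            @($NamePatterns | Where-Object { $name -like $_ }).Count -gt 0
        } |
        Select-Object DisplayName, DisplayVersion, InstallDate
}

# --- Report -----------------------------------------------------------------

$au = Get-AutoUpdateSetting
if ($au -eq 4)        { 'Automatic updates: OK (AUOptions=4, silent download and install)' }
elseif ($null -eq $au) { 'Automatic updates: NOT CONFIGURED' }
else                  { "Automatic updates: AUOptions=$au, not fully automatic" }

'Registered antivirus products:'
$avs = @(Get-RegisteredAntivirus)
if ($avs.Count -eq 0) { '  none registered with Security Center' }
else                  { $avs | Format-Table -AutoSize | Out-String }

'Browser and plugin inventory (compare versions against the vendors'' current releases):'
# Name patterns are assumptions; adjust to what the vendors actually register on your build.
Get-InstalledSoftware -NamePatterns @(
    'Mozilla Firefox*', 'Java*', 'Adobe Flash Player*', 'Adobe Reader*', 'Adobe Acrobat Reader*'
) | Format-Table -AutoSize
```

Run it elevated so the HKLM keys and Security Center are readable. An AV that shows Enabled but OutOfDate is exactly the "installed but not updating silently" state step 4 of the checklist is meant to prevent, and a version in the inventory that lags the vendor's current release is the drive-by surface step 3 was about.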
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Ok, point taken. every AV scam. instead of every scam.
There are two types of people in the world: Those who crave closure
Firefox is not immune.
Pretty much, if you're letting Javascript/Flash run from every site you visit (and the dozen or so "associated" sites that the original site pulls content from), you're going to get hacked... monthly. Depending on your luck and whether any ad networks on sites you frequent are serving up malicious ads. The wider variety of sites that you visit, the riskier it gets. But even the big mainstream news sites have served up malware.
NoScript + FlashBlock = the only sane way to browse any more
(with a very small, as small as you can make it and still access the sites, whitelist)
The bad actors are getting closer to completely destroying the rich ad ecosystem. It's gotten continually worse for a few years now. Makes one wonder how much worse it can get before either the users revolt or browser makers are forced to switch to run-only-if-whitelisted.
(I've had a few people this month inquire into learning NoScript/FlashBlock after their machines got infected multiple times in the course of a month.)
Wolde you bothe eate your cake, and have your cake?
Ironically, many of the vulnerabilities that Windows has always had - e.g., autorun on CDROMs, running emailed executables, etc. - were only done to keep things simple for naive users. Ultimately, these minor conveniences have encouraged a malware ecosystem that is far more complicated and stressful to these same users than the lack of them would ever have been.
But now there's good money to be made from frightened and confused users, both illegitimately and semi-legitimately. So the unintended consequence of ease-of-use turns out to be convenient for some, but not the novice users for whom it was originally designed.
If it popped up in his taskbar, then it already installed and was running a program (at least under his local account). Let me guess, it mimicked a Java update request?
*ding ding ding* We have a winner! After a bit of trial and error, that's the only thing we could think of. I guess you get so used to seeing it that once you finally get around to updating it, you never really know what's going on "under the hood". That's why I trust... "aptitude safe-upgrade" haha MUCH less painful!!
A)bort, R)etry, I)nfluence with large hammer
Let's consider, though, if you did set up your parents/grandparents/whatever with Linux. If they ran Ubuntu, and a window (in Firefox) popped up saying they were infected, would they still not fill in their credit card info? I realize it would look like a "Windows" window, as do you, but would that really stop the clueless?
Maybe, but probably not. I'm not saying running linux won't make them at least a LITTLE more secure, but I doubt it would solve this issue in all cases, either. If anything, the popup blocker might. Maybe :)
Every fake AV pop I've seen is from IE being the underlying display system in Windows. So I don't think this would happen in Linux or Mac or any handset except WP7.
There are two types of people in the world: Those who crave closure
So far the only "trick" I've found to help keep the "panicky" users from pwning themselves is to use the free Comodo AV or Internet Security, because by default it'll not only shut down those kinds of "apps" but sandbox them as well, so even if Granny tries to force it, unless she knows how to get into the Comodo system settings and disable the sandbox (doubtful), then anything she does simply won't stick.
Add in Comodo Time Machine (also free) for when Granny somehow manages to corrupt Win32.dll in XP (I still haven't figured out how some folks keep doing that) and it makes the machine pretty much a toaster with a screen. When my GF forgot to log off before work and her niece came over and totally hosed her desktop it took me less than 15 minutes by phone to walk her through a complete restore via Comodo Time Machine.
While Windows Vista and 7 are better about security, as you pointed out it is often the USER not the OS that does the machine in, and using Comodo is pretty much as close as I've come to a "No no, bad monkey!" button for PCs.
ACs don't waste your time replying, your posts are never seen by me.
OK, once we managed to implant people everywhere with the analogy between a real organic virus and its now just as common computer counterpart, people realized that it's a scary thing, and Norton Antivirus was born. I think it is time now to implant clueless moms and dads everywhere with a new idea - that buying a new pill you've never seen in your life promising to cure you of a cold will most likely not do the trick. In other words, it's amazing how much people trust computer antivirus programs they have never even heard of before, but go and try to ask your mum to drink a mixture as an "antivirus" to the common cold - she'll dismiss it on the spot. I think it's time we pushed the virus analogy a step deeper - the computer system is your body; would you want to experiment with unknown pills without asking some sort of authority on the subject first?
There are several worms for iOS spreading in the internets already; the only reason they haven't been attacked more is the fact that Windows PCs are far more lucrative and populous targets for malware writers.
" ... Compound this with the MacAfee Heel: most OTS boxes come with MacAfee installed at least as a demo. ..."
You've inadvertently hit the nail on the head. The scam is simple and effective because it exploits human logic. I've noticed most /.'ers think that users are naive, or clueless, or worse, but they're missing the beauty of the scam because they can't think like a non-sophisticated user ... they're beyond it and don't have the same mindset anymore.
But, to get to the point, the PC comes pre-installed with some kind of AV, in demo mode. It works for a while, then times out or goes to some limited functionality. This is the AV vendor's only real means to get a license sold. I would bet that pretty much every user that falls for this scam has at least considered buying the demo up to full functionality, but balk at the cost.
Along comes Mr Fake AV. The user knows they have no or limited AV protection. They know everyone says they need some protection. The crooks know that all they have to do is price their scam SW lower than whatever McAfee (or whomever) wants for the demo to go licensed. McAfee has helped this transaction by setting the bar price-wise, and the scammer knows ALL the users have been exposed to the price via the demo, so he also knows ALL the users will see it as a bargain. Bingo. Hook, meet Line and Sinker.
Many of you are equally foolish by declaring all of the people that get infected with Fake AV consoles to be idiots. While it's true that many people get infected by going places they shouldn't and/or clicking things that they shouldn't, these "viruses" are frequently propagated by SQL injection and CSS (Cross Site Scripting). Sometimes they aren't installed explicitly at all, and just appear on machines. They are a pervasive problem, and one that many AV programs are not adept at dealing with at all. I have found that BitDefender, Kaspersky, and Sophos are about the most reliable at removing them, but none of them are 100% effective at prevention or removal.
The biggest issue is education. Social engineering is a very big part of the dissemination of spyware, trojans, and viruses. People need to get educated about these types of threats, and learn to be more wary of where they go. Even careful selection of what websites you browse isn't a surefire bet, as many times CSS attacks aren't immediately noticed, and many rather popular (and generally safe) websites become little more than unwilling dissemination points for these types of threats.
I am in charge of the desktop system administrator team at my company, and most of our workers aren't all that knowledgeable when it comes to computers. Many don't have any idea that there are programs out there that masquerade as a helpful program but are really just clever attempts to steal bank and/or credit card information. In my experience, Fake AV consoles are the #1 threat that we face from an AV perspective, encompassing about 90% of our infections. We recently switched from Symantec Endpoint Protection 11.5 (Absolutely worthless, don't ever buy it) to Sophos Endpoint Protection, and our Fake AV infection rates have dropped by nearly 95%. It's that big of a difference.
That coupled with education on Social Engineering tactics has helped keep our environments much safer, and resulted in a much better overall experience for users. It's easy to bag on the idiots, and there are certainly a lot of them, but you have to remember that a lot of the people did nothing wrong or especially risky, other than trusting that their AV software works as advertised. Sadly, most of the popular AV programs are TERRIBLE at eliminating these threats. AVG, MS Security Essentials, Symantec Endpoint Protection, PC Cillin, HouseCall, etc. have all proven rather unreliable against these types of threats in our enterprise and in my experience troubleshooting user machines privately as well. Ultimately this is very similar to the spread of STDs. The biggest two factors still have by far the largest impact just as they do with the spread of STDs: Education and Prevention. Just my 2 cents.
You're going to have to provide sources to make that sort of wild claim. Otherwise, you're full of shit.
The only 'worm' I've seen in the wild is one that runs on jailbroken iOS, with SSH installed, with the default root password.
There are two types of people in the world: Those who crave closure
Installing dodgy apps and getting a virus is not the same as handing over your bank details, I'm yet to find a 20 something year old fall for a Nigerian scammer.
I personally think the problem is because all legitimate companies do too much for the user and are too proactive about trying to liberate the users' money from them. No longer do you go online, go to your favorite website and purchase goods or do any research at all before parting with your money. Too many legitimate companies spam your email with "hot deals" and "go to our website and spend more cash". If you want service, you should either research or ask a professional, but the mentality today is to just go with what the marketing department of that company suggests and find something with "sale" written on it. Why think for yourself when all you have to do is enter your credit card details and receive goods?
That's right, all life's problems are because of the marketing and sales departments, that's my philosophy anyway.
This is great because it stops people buying stupid shit from even legitimately run businesses because they received a flier with 'sale' written on it.
I've worked with end users that had access to power tools and the desire to use them. There is no limit to the dumb fucking things that they do.
No, really, there was one time when they thought a bridge didn't look strong enough so they drilled and tapped a hole in the bottom and added mild steel... to a marine-grade Aluminium superstructure that had been designed by a team of professional engineers. So yeah, don't make the mistake of thinking "Nah, they couldn't possibly..." and I never do. Actually, one end user was a wolverine that sheared off a stainless antenna with the cleanness of a laser. That was pretty cool.
A lot of /. users are condescending to new computer users. But now computers are appliances like toasters or microwaves, or consumer goods like cars or jackets. You buy whatever one looks the shiniest with the features you like. Gone forever are the days when you had to put together your own, swap around jumpers, and get something that worked that you built on your own. (I know, for high-performance stuff you still do, sometimes, but for 99% of users it's just as good to get a "gamer" package from Alienware -- whoops, I mean Dell -- if you want to game.) Anyone can get a computer and get online, and access FB and porn and email and /. and WoW and /b/ and usenet and PB and mediafire and wikipedia and netflix and youtube and everything else. That's something like 90% of users.
That 90% is the group that are the power users now. They use more bandwidth and have more raw computer power at their disposal than everyone on /. (and I've had access to a supercomputer)
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Assuming you mean Java, and not JavaScript, I have a solution.
Turn off Java in the browser. I've had it off for years ... apparently it has no Earthly use, as my browsing experience is completely unchanged. Banking, whatever ... just works.
Hit the switch, and at least for that particular issue, it's gone. For good.
Ha suckers. I have never had a problem with this. My protection software (Antivirus Pro 2010) catches everything that tries to infect my computer!
Why do they need another year or two? Or are you just spewing made up BS?
Why are you flamebaiting me? It's not a big problem right now, short of a few well-publicized apps. I just guessed that in probably a year or two more crimeware sellers would start including malicious apps in their kits.
Thanks. That Anonymous Coward fellow rotates between jack-ass and informative and insightful all in one thread. :-D
Disabling Norton 360 is usually my first step to troubleshoot a system.
Here (in New Zealand), we've been getting a rash of phone callers telling people they're infected and asking for money. In fact my wife got just such a call last week. Fortunately she knows just enough to tell the caller to fsk off. http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10686568 I don't know if that's common in other places. We might just be a gullible bunch.
But it also doesn't leave them a mangled, charred mess, either.
A good analogy I've heard is: Windows is like a submarine with a screen door, and guess who gets paid to scoop out the water?
"People don't want to learn linux" hasn't been a valid excuse since '03.
These kinds of users would probably be fooled by a phish which duplicates the look & feel of their store.
I think that eventually people will end up only doing banking and (to a lesser extent) shopping from "trusted platforms" : either the Apple-walled-garden-style ones, or from a live Linux distro booted from read-only media, set up for no data persistence. (Yes, I know neither of those is totally secure --- nothing is totally secure!)
Interesting that the only walled garden product that I can think of which Microsoft offers is its XBox gaming console. I wonder if people will start to use gaming consoles for this, and if banks will eventually start to offer "banking interface programs" which run on gaming consoles (I can just imagine someone saying "I'm tired of killing cops in GTA --- Time to hit Citibank and go to sleep.". Even funnier is the image of some clueless gamer trying to get "God mode" in his banking application.)
However, someone has to have admin authority. Do we trust Apple and Microsoft 100% with it? Do we trust the cellular carriers or the phone makers 100% never to do anything like pushing out code behind our backs, or removing features to charge for them?
Which is exactly why we need competition; a controlled system would be absolutely horrendous if it was controlled by a single entity or a self-serving cartel... We need choices for who manages systems, ranging from big multinationals like Apple, your local computer store, the IT dept at your company, a non-profit, even your geeky friends or relatives...
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Whatever, troll. It was an innocent comment. The fact that it was poorly worded is a problem for no one but you.
Having worked with virus removal for some time, I am displeased to see people who are in the know about computers calling the average PC user derogatory terms, especially when it comes to intelligence. I look at it this way: I am not a doctor; I know little to nothing about medicine. Does it make me an idiot because I don't know what a doctor knows? Or that (even with legitimate doctors) they make a wrong diagnosis, am I an idiot because I don't pick up on it? It just seems unfair to blame the user for the actions of those who prey on them. I know a fair amount about technology, but my grandfather is altogether clueless and has fallen victim to these online scams, and why wouldn't he? For all he knows of the internet and computers these applications are legit, until I educated him otherwise. Now though the game has changed: it used to be an anonymous application that was the problem, but now you have help desk clients like iYogi which claim to be affiliated with major OEM vendors. They charge you for service, generally a fraction of the OEM cost, and if anything goes wrong and you request a refund they send you back to the OEM, who obviously will not refund the victim the cost of the service.
When you dislike the human race as much as I do, Karma:Bad is inevitable lol.
Yeah, that was an innocent comment.
Gee, these platforms that have existed for several years now are SURE to have exploits just like Windows does. Any day now!
You're a douchebag and just can't admit it.
There are two types of people in the world: Those who crave closure
You're a douchebag and just can't admit it.
Something tells me you're craving attention. I don't know why...
I posted an article last spring on how to fix windows viruses using Unix and responders contributed information creating a very useful guide to securing windows operating systems in the most unlikely of places: a linux forum: details: http://virus.gregrank.us/ will redirect you to the article mentioned above. I have built my windows desktop AV standards around the ideas obtained from responders (with great success)
If they happen to own a gun, maybe.
Jicehix
What a coincidence! Disabling the system is the first step in installation of Norton 360. You've achieved equilibrium. Congratulations.
Help stamp out iliturcy.