Slashdot Mirror


Web-Users Fall For Fake Anti-Virus Scams

jhernik writes "Fearing their computers may be prone to viruses, many web-users download fake anti-virus software, only to find later that their bank details have been hacked. According to the latest research by GetSafeOnline.org, the UK's national internet security initiative, a rising number of organised criminal gangs are tricking security-conscious internet-users into purchasing anti-virus software to access their bank details. Posing as legitimate IT helpdesks, these fraudsters target internet users concerned about protecting their computers. By offering free virus checks, they normally tell consumers that their machines are infected and offer fake security software protection – usually costing around £30 – which is actually malicious software in disguise." The fact that there is such a thriving market for fake AV scams really says something about the present state of the legitimate AV market.

36 of 272 comments

  1. How is this news? by gregthebunny · · Score: 2

    Most computer users are simply naive; some are downright stupid. This should be tagged: !news.

    1. Re:How is this news? by piripiri · · Score: 3, Insightful

      Most people are fucking idiots.

      Not idiots, but ignorant. You can't blame them for that.

  2. Or... by ShadowRangerRIT · · Score: 2, Insightful

    The thriving market for fake AV scams simply means people are too cheap to pay full price for a commercial AV scanner, or too stupid to find a legit free one. Computers are appliances to 90% of the world's population, and no other appliance requires expensive upgrades to determine if it's being misused. Even without a car alarm, you'll notice if your car isn't where you parked it, but most infected computers don't advertise as such. People know they need an AV scanner, and hey, the computer just offered them one, "Score! No need to go shopping for one!" All viruses (that aren't autonomous worms) spread based on misplaced trust or greed, and getting a cheap AV scanner appeals to both instincts.

    --
    $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
    1. Re:Or... by Schadrach · · Score: 2, Interesting

      I'm not talking about irremovably bundling it into the OS, I just mean something as simple as recommending it or even displaying it in a list of other AVs noting price points when the user clicks on the "You have no antivirus, click here to get one installed, numbnuts!" red shield.

      You know, something like:

      1. Norton: $x/year
      2. McAfee: $x/year
      3. AVG: $x/year
      4. AVG Free: Free!
      5. Microsoft Security Essentials (Recommended): Free!
      6. I have my own choice of antivirus that I will install.
      7. I have my own antivirus already installed that you do not recognize, and I will monitor it myself.

      Add whoever else you like to that list.

  3. Re:PEBKAC by oldspewey · · Score: 4, Insightful

    Nerds of the world, it is time to unite around a new cause. It is time to write, and release, a new virus that relies on a series of incredibly stupid attack vectors - the kinds of attack vectors that only a clueless dipshit would actually fall for. The virus has only one simple payload: it uninstalls all network drivers on the machine.

    After several trips to get their machine "repaired," these folks will either wise up, or give up.

    Who wants to join the crusade?

    --
    If libertarians are so opposed to effective government, why don't they all move to Somalia?
  4. What planet has the submitter been living on? by timestride · · Score: 2, Insightful

    Seriously. This has been going on for YEARS. Why is this being posted here?

    1. Re:What planet has the submitter been living on? by ByOhTek · · Score: 3, Informative

      There was a huge news rush several years back. Slashdot is just trying to catch up.

      --
      Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
    2. Re:What planet has the submitter been living on? by Frosty+Piss · · Score: 2

      Seriously. This has been going on for YEARS. Why is this being posted here?

      Because eWeek wanted to shill a "story" here to get page views?

      --
      If you want news from today, you have to come back tomorrow.
  5. cue /. superiority complex... by kj_kabaje · · Score: 4, Insightful

    cue /. superiority complex... Seriously, rather than tag as !news or PEBKAC, how about some intelligent discussion about either educating the general public or another more intelligent solution?

    1. Re:cue /. superiority complex... by Monkeedude1212 · · Score: 2, Interesting

      how about some intelligent discussion about either educating the general public or another more intelligent solution?

      We did that about 10 years ago when this story was fresh.

      We've been doing that for the past 10 years. And we've decided that PEBKAC.

      My idea of an intelligent solution is an infectious antivirus - spreads like other viruses do, via email, poisoned URLs, phishing, etc etc - use all the vulnerable vectors you can to spread an antivirus. It goes and tries to remove any viruses it can find and occasionally calls back to some central server for an updated list on new threats and how to combat them.

      Not a perfect solution, but I think we need to start fighting fire with fire.

    2. Re:cue /. superiority complex... by vlueboy · · Score: 2, Interesting

      Besides the null legality of infecting PC's with legit antivirus software for the greater good, there is a secondary problem.
      Any tech-savvy user with their own AV solution, will most likely see their PC acquire a second set of system-hogging antivirus software. Ever installed two concurrent firewalls on your PC and saw that neither one complained? Yup, don't expect coders to make the right assumptions.

      You might instead have chosen to stop using ANY antivirus --then you get mad this virusy antivirus has to keep being removed over and over to free your PC. If coders create an opt-out flag for your registry so the AV will run and not force itself upon you, then we all know real viruses will be the first ones to set it to "true" to actually avoid getting removed. So then the AV writers would have to counter by forcing a full virus check on both the conscious-antivirus-avoiders and the unsuspecting infected users, to play it safe before the software decides it needs no further cleanup action on the avoiders' PC. And then virus writers could just kill that would-be helpful scanner and prevent the real legal-and-virusy-AV's install anyway.

      Where does the war really stop?

    3. Re:cue /. superiority complex... by hedwards · · Score: 2, Insightful

      That's an extremely bad idea. At the end of the day it would end up being exploited by crackers and in the best case it would give people the idea that if they don't secure their computers that somebody will do it for them.

      In some parts of the world, they do things like that for lawns. If you don't mow your lawn frequently enough, the local council will have somebody do it for you, then send you a bill for the work. Not saying, I agree with it, but it does work. In meatspace, on the net, there's any number of ways that sort of thing would go wrong.

  6. It's a pavlovian response by Flipao · · Score: 3, Insightful

    You gotta give it to companies like McAfee, Symantec, etc... they know how to scare people into handing over money so they are "protected". It was only a matter of time before people started to copy their methods.

  7. So, uh... by Anrego · · Score: 2, Insightful

    This article really was an eye opener!

    Who would have thought that a large percentage of windows users are not technically inclined and easily tricked by scary looking windows!

    Rumour has it that scissors can be fairly sharp, and fire is damn hot sometimes.

    Also.. _really_ old news. This scam has been around for at least a decade. It followed closely on the success of the "YOU HAvE ONE URGENT MESSAGE" banner ad.

  8. Re:PEBKAC by symbolset · · Score: 4, Funny

    Not only is there already such a virus, the PC usually comes with it preinstalled.

    --
    Help stamp out iliturcy.
  9. Re:PEBKAC by EdZ · · Score: 5, Insightful

    It's already pretty damn easy to identify fake AV software. Just follow this simple flowchart:

    Is it advertised through a popup or an unsolicited email? > Yes > It's a scam!

    Simple! This works for all products, not just fake AV.

  10. AV companies scare their customers by benjfowler · · Score: 5, Insightful

    Colour me surprised.

    I recently had to install Windows 7 at home, and decided to put Norton AV on my machine. I boot up on Windows roughly once every couple of weeks to run a specific application. So I notice Norton AV popping up loads of windows, running its intrusive update process and bombarding me with scary looking crap prompting me to read about the "latest security threats from cyber-criminals". Hair-raising stuff, especially if you're not a computer specialist.

    I'm an IT professional, and _I_ find this behaviour sleazy, unethical, annoying and slightly alarming. This is a product I paid GOOD MONEY FOR. I'm PAYING to be bullied, essentially.

    So I can just imagine the average user being bullied and terrified by this crap... which is not only enriching the AV vendors, but also making regular folk like lambs to the slaughter for the forces of evil out there.

    I'd say that the consumer, criminals and the AV companies are really inhabitants of one ecosystem: prey, parasites and predators respectively.

  11. Re:PEBKAC by windcask · · Score: 2, Insightful

    The people who really worry me are not the clueless dipshits, but the 50+ crowd who have never really used computers before, and through newly-acquired secondhand knowledge, now know just enough to be dangerous. I think they're probably the ones mostly in danger of falling for these scams. We need to keep our parents and grandparents educated and tell them just because a page shows up first in their Google search doesn't mean it's necessarily what they're looking for.

  12. Re:They Pay? by John+Hasler · · Score: 2, Insightful

    That's because these consumers know better than to trust anything free. "You get what you pay for", right?

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  13. Free isn't Easy by cheesethegreat · · Score: 2, Insightful

    To be fair, it's not exactly easy to find a legit free AV programme. Downloading my poison of choice, AVG, for example, requires you to navigate through the website, locate the tiny "free version" link on a series of pages, and wind through and around a whole lot of annoying screens designed to baffle/frustrate/bully you into buying a pay version.

    And worse, you then have to go through this whole process again every six months when they release a new version that isn't covered by the auto updater.

    I definitely consider the behaviour of companies like AVG to be partially responsible for people getting confused, frustrated, and resorting to less legitimate means.

    1. Re:Free isn't Easy by The+Yuckinator · · Score: 2, Informative

      That, or you could just start at http://free.avg.com/ which does include attention-grabbing links for the paid version but also very clear and easy-to-find links to the free version.

  14. Re:PEBKAC by Tanktalus · · Score: 2, Interesting

    This is the reason I clicked on the story at all. Just two weeks ago, my mother (59) called in a panic about over 300 viruses that some program found, and was about to click on the "run this executable" popup that IE gave her (my father won't let her run Firefox? Not that FF is likely to have stopped this*) when she thought to call someone. She tried to get a hold of my father, but he wasn't available, so she called me. I told her it was a scam, and to abort immediately. Not knowing really what else to do, I asked her to ensure her legitimate virus scanner was run that very night just to be sure. I think the trouble was averted, but only barely. It's an effective social hack. The question that makes it worth discussing is what, if anything, can we do technically to stop these hacks, and, in the meantime, what can we do socially to educate?

    (*) I've seen the scam on Firefox, too, although that was years ago. FF may be blocking it since, I guess I don't know. But I found it funny because, of course, it looked like a bunch of Windows windows, which looked really out of place on my KDE/Linux desktop. And I knew that even if I did download it, it would be unlikely to be able to do anything (not that I did download it).

  15. "Web-Users Fall..." by Call+Me+Black+Cloud · · Score: 2, Funny


    This is why I use gopher.

  16. Re:Ugh by gad_zuki! · · Score: 3, Interesting

    >so it's the users installing it and not just holes in the system being exploited.

    Are you sure about that? The analysis of various crimepack stats posted by Brian Krebs shows that the vector for these infections is usually (in order) Java, Adobe Reader, Flash, and browser exploits. So let's assume you patched these machines using Windows Update. That means you patched any known browser exploits, but the malware writer can still try various Java, Reader, and Flash exploits.

    I think the real issue currently is how poorly these app updaters are written. Reader may never ask to do an update unless you manually start it once to install the current version of Adobe Updater. Java, depending on the version, either sits quietly in the tray asking for an update or never bothers. Flash asks at startup sometimes, but it may only update IE, but not Firefox.

    For end users who have no clue, which is most of them, these apps should just be set to auto-update without asking. Admins and power users can edit this as needs be. In the meantime, it's pretty trivial to infect a machine. Almost no one makes an effort to patch these apps.

    I don't believe the problem is PEBCAK as we like to think. Browser plugs are a serious issue. They're just not being updated.

  17. Re:PEBKAC by Bert64 · · Score: 2, Interesting

    These people are not the problem, the idea of giving such people full access to a full blown computer connected to a public network and running a fully fledged OS designed to make such things trivial is the problem...

    You don't let people drive cars, fly aircraft or do various other things unless they have received proper training, and using a computer should be no different. Such users don't need a full blown computer, they need a simplified appliance that is controlled by someone else (who knows what they're doing)... This is part of the appeal of Apple's walled garden.

    My grandparents have a Linux box, it runs the apps they want (browser, manage photos and videos, IM client, email client, music and video player) and if they want anything else they can acquire it from the Ubuntu repository... They can install apps from the repositories, but can't add new repositories or execute anything they might download by hand. I configured the system and provide support and maintenance if necessary, so far it hasn't been. If they received a notice telling them their machine had malware installed and asked them to input card details, the first thing they would do is call me.
    For people without technically literate grandkids, there should be paid services like this.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  18. Re:PEBKAC by Bert64 · · Score: 3, Insightful

    The walled garden approach (e.g. Apple) works well for average users...
    Linux distros with trusted repositories are a good idea too, the average user still receives the protection of getting all their software from a known trusted source while advanced users still have the flexibility available.

    End users should not have root or equivalent access, they should only be able to install software from trusted sources and should defer to a third party (either someone they know, or a paid service etc) for anything more advanced.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  19. Pretty easy to detect. by formfeed · · Score: 2, Funny

    If you have a lot of files ending on ".dll", chances are pretty high that you have software on your system that might be harmful.

  20. Re:PEBKAC by imakemusic · · Score: 2, Funny

    Maybe he searched for "Malware" and found what he was looking for...

    --
    Brain surgery - it's not rocket science!
  21. Re:Ugh by gad_zuki! · · Score: 2, Interesting

    Who is sandboxing? Sure IE by default runs in protected mode, but the plugins I mentioned do not. Suspicious links are meaningless, these exploits do not require visiting some odd link. Most of these hackers take over ad servers and push malware in ads on legitimate sites.

    AV software is also useless. These guys are compiling multiple versions of their malware per hour. Your AV can't keep up. By the time the AV vendors have a signature it's 12-48 hours too late and that build is removed from production.

    Remember, we're talking out of the box security for end users - they're not downloading VMware and loading VMs or using sandboxie. We need better out of the box security. Plugin writers need to have auto-update running daily without user intervention. Expecting the end user to run all these apps and go to Help > Update is a failed strategy.

  22. Re:PEBKAC by NatasRevol · · Score: 2, Insightful

    So, you're going to train everyone, every time a new attack vector/ad/clickbomb comes around?

    Rather than tell them not to bank online (Are you fucking kidding me?!?!), try telling them if they want to be secure and not have their bank info stolen/cleaned out, then don't use Windows/IE. Since that is what EVERY scam uses. You can argue that using other platforms will have this eventually, but no others do right now. You can argue that Windows is more secure than others, but no other OSes have this scam. You can argue that Windows is more common/well known/familiar, BUT NO OTHER OS HAS THESE SCAMS.

    A car analogy: If the Crown Vic was a horribly unreliable car and could kill them if they used the turn signal wrong, you'd never let them buy it. Why would you let them get robbed by using Windows/IE?

    --
    There are two types of people in the world: Those who crave closure
  23. Re:PEBKAC by QuantumBeep · · Score: 2, Insightful

    For a new/elderly user, I submit to you that the correct answer is that they should not use a public terminal. That's just asking for trouble for even the most experienced of users.

  24. re: It's the users installing it by King_TJ · · Score: 3, Informative

    Actually, I'm not so sure it's always an issue of users installing this stuff voluntarily?

    The "Vundo" trojan is supposedly a leading cause of automated installations of the annoying "AntiVirus 2009/2010" fake AV packages and other garbage.

    (See: http://en.wikipedia.org/wiki/Vundo)

    I recently cleaned this off of a PC for a client of mine, and in their case, the original trojan horse files were found embedded in the compressed Java runtime files. So at least some of this stuff may be coming from "drive by infections" that take advantage of security flaws in older versions of the Sun JRE. Once the trojan is implanted in the JRE, it proceeds to auto download and install this other stuff.

  25. Re:PEBKAC by Nursie · · Score: 2, Insightful

    This is I think the whole "browser as an application platform" thing we've had going for the last few years.

    I know, I know, we need advances and you web programmer types can do some great things with your languages these days. But it's no longer just a browser at that point, is it? And when it gets to interact with the OS on various levels, and when there are holes (which there always are) bad things happen. The fact that web-apps and their multitude of up-popping windows can and do frequently look the same as messages from the OS is probably not a very good thing. I know, we can't stop people faking it with images, but IMHO some sort of inbuilt restrictions on the appearance of web-originating content vs local programs would be a good thing.

  26. Re:PEBKAC by oldspewey · · Score: 2, Insightful

    if they want to be secure and not have their bank info stolen/cleaned out, then don't use Windows/IE. Since that is what EVERY scam uses.

    Seems to me that if a phish arrives at my email account, and I open it up using the default email client, and I click the http link that says "your banking details need to be updated", and I fill in all my personal financial information in the resulting web page ... I'm equally boned whether I'm using Windows, MacOS, or Linux.

    Same goes for when a former Nigerian oil minister contacts me to assist with a large funds transfer. Same goes for any number of other social engineering scams that don't rely on any specific technology platform.

    --
    If libertarians are so opposed to effective government, why don't they all move to Somalia?
  27. Mum kept getting Calls by otherniceman · · Score: 3, Informative

    My mother kept receiving calls from some company claiming to be IT support and trying to get her to visit a website to update her machine as their records show it being infected. She always says that my son deals with that sort of thing and she will just not switch the computer on until I have checked it. One day they called while I was there so I spoke to them, they always mumbled the name of the company, I asked them for their company registration number as I needed to check they are a legitimate company. They try to get me to visit their website where I can see that they are legitimate, eventually they give me a number which was about 12 digits too long for a company registration number. I tell them I can't find anything about them at Companies House and eventually they give.

  28. Re:PEBKAC by gordguide · · Score: 2, Insightful

    " ... Compound this with the MacAfee Heel: most OTS boxes come with MacAfee installed at least as a demo. ..."

    You've inadvertently hit the nail on the head. The scam is simple and effective because it exploits human logic. I've noticed most /.'ers think that users are naive, or clueless, or worse, but they're missing the beauty of the scam because they can't think like a non-sophisticated user ... they're beyond it and don't have the same mindset anymore.

    But, to get to the point, the PC comes pre-installed with some kind of AV, in demo mode. It works for a while, then times out or goes to some limited functionality. This is the AV vendor's only real means to get a license sold. I would bet that pretty much every user that falls for this scam has at least considered buying the demo up to full functionality, but balk at the cost.

    Along comes Mr Fake AV. The user knows they have no or limited AV protection. They know everyone says they need some protection. The crooks know that all they have to do is price their scam SW lower than whatever McAfee (or whomever) wants for the demo to go licensed. McAfee has helped this transaction by setting the bar price-wise, and the scammer knows ALL the users have been exposed to the price via the demo, so he also knows ALL the users will see it as a bargain. Bingo. Hook, meet Line and Sinker.