Viral Scareware Infects Four Million Websites

oxide7 writes "A fast-spreading SQL injection attack that illegally peddles a bogus scareware has been breaking anti-virus barriers and compromising millions of websites, besides defrauding unsuspecting victims. The news of this attack was brought out by Websense Security Labs in its blog last week. Websense said its Threatseeker Network identified a new malicious mass-injection campaign which it named LizaMoon."

Re:News?

[hairyfeet]

Actually I'd say the problem isn't Windows, it is PEBKAC which NO OS will solve or they would have done so by now. I just got finished cleaning one of these scareware infections where the user uninstalled their working AV to install the malware. Now why would they do that you say? Simple, they saw the number of "infections" reported on the fake scareware page and decided their good AV must not be working (since it wasn't reporting the non existent viruses) and therefor " must have gone bad" like cheese in the fridge and tossed it to install the malware.

Now show me ANY OS that would protect the system from that level of stupid, I dare you. You can't because idiot proofing will always be defeated by the bigger idiot. For Linux here is a nice trick, how to write a Linux virus in 5 easy steps that uses nothing but bog standard social engineering. hell it doesn't even need root to be able to do all the things your average malware writer wants to accomplish. And we know this works because they used similar methods in the KDELook attack, where thousands of KDE users were infected by fake screensavers that were actually malware. Sound familiar?

So it is real simple folks, if the user has install rights then they have the ability to screw themselves, full stop. You can try education, making them jump through hoops like UAC or root prompts, it doesn't matter. it is the classic dancing bunnies problem where if the user WANTS the malware (and that is what it all boils down to, the malware uses fear or social engineering to convince the user they want to install the malware, a classic con game) then by God they're gonna get that malware whether you like it or not!

So in the end you do what you can, make sure they have a backup solution, and be ready to clean up the messes when they happen. it reminds me of how an old Linux admin of mine ended up being threatened with firing and had to show up before the head of the regional office because the PHB over him was demanding he allow the PHB's emails from Melissa without interference. In the end there is only so much you can do, you just can't knock the stupid out of some folks.