Educause Security Discussion mailing list archives
Re: how does fake antivirus work?
From: Alexander Kurt Keller <alkeller () SFSU EDU>
Date: Thu, 28 Apr 2011 16:07:21 +0000
Re: What is the range of how fake AVs really work? Do some cajole you into installing their code while others silently inject their code automatically?

I have seen both. The most common is visiting a malicious web site that presents an interface that mimics Windows explorer and displays a fake scan of your hard drive, complete with progress bar and various Windows UI accoutrements intended to fool the unsuspecting users. Of course that fake scan indicates that your current anti-virus software is out of date and all kinds of malware have been found on your computer, prompting the user to download/install their rogue anti-virus application. In these cases the user is complicit.

Perhaps less common is the scenario where a user visits a malicious webpage (or email) that initiates a browser/flash/acrobat/etc exploit which subsequently installs the rogue anti-virus application without the consent of the user. The latter vector is more advanced of course and typically requires more time/expertise investment by the attackers.

Best,
alex

Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
Office: Burk Hall 153
Phone: (415)338-6117
Email: alkeller () sfsu edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn
Sent: Thursday, April 28, 2011 8:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] how does fake antivirus work?

The "SANS Securing The Human Program" training module #2 about Social Engineering demonstrates that fake antivirus programs fool you into going through the installation process to load their malware onto your computer. Locally, I am hearing the assertion that fake AV is not nearly that gentle, that your computer is instantly and automatically compromised as soon as you go to their website, the process of installing their fake product can be just as fake as the process of evaluating your computer for current infections.

What is the range of how fake AVs really work? Do some cajole you into installing their code while others silently inject their code automatically?

Around here, the most common instance of social engineering seems to be the simple email phish that asks for password, etc in reply or by going to a web form.

Bob Bayn (435)797-2396 Security Team
You are on the Security Team, too. Be an Internet Skeptic! There's nothing really free on the 'net
Office of Information Technology at Utah State University
http://tinyurl.com/bicyclists-share-kidneys