Information Security News mailing list archives
New Fake Antivirus Attack Holds Victim's System Hostage
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 16 Oct 2009 01:29:13 -0500 (CDT)
http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml;jsessionid=FIWCQFEV0MTMDQE1GHRSKHWATMY32JVN?articleID=220601022 By Kelly Jackson Higgins DarkReading Oct 15, 2009 Attackers have added a new twist to spreading fake antivirus software: holding a victim's applications for ransom. Researchers discovered a Trojan attack that basically freezes a user's system unless he purchases the rogueware, which goes for about $79.99. The Adware/TotalSecurity2009 rogueware attack doesn't just send fake popup security warnings -- it takes over the machine and renders all of its applications useless, except for Internet Explorer, which it uses to receive payment from the victim for the fake antivirus. "The system is completely crippled," says Sean-Paul Correll, threat researcher and security evangelist for PandaLabs, which found the new attack. Correll says when the rogueware detects any application on the machine starting to execute, it then shuts down the application. "This happens for every file you try to open except IE. The only reason IE works is because that's what's used to allow victims to pay the cybercriminals," he says. Bad guys have used ransom threats in phishing attacks and distributed denial-of-service (DDoS) attacks, but Correll says this is the first time it has been used to force users to buy rogueware. Rogueware distributors typically prompt the victim with pop-up messages, but the user can bypass the purchasing process by ignoring them or clicking through them. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.org
Current thread:
- New Fake Antivirus Attack Holds Victim's System Hostage InfoSec News (Oct 15)