
Scareware threat continues to rise, with security experts attempting to do everything they can to limit the damage

Security company Symantec disclosed that online criminals are cashing in by scaring PC users into downloading fake anti-virus software.

In the past 12 months, more than 40 million people across the world have been tricked into installing 'scareware' software. Specifically, criminals trick PC users into downloading software that presents itself as a security tool -- anti-virus and anti-spyware are two popular program types -- but is actually malicious, allowing the criminals to acquire credit card information and other sensitive information.

In addition, some criminals create pop-up alerts telling PC users they face a serious risk, then offer fake anti-virus software that supposedly cleans up the computer. The catch? The software costs money, and users still end up being compromised by the fake software.

"Obviously, you're losing your own hard-earned cash up front, but at the back end of that, if you're transacting with these guys online you're offering them credit card details, debit card details and other personal information," Symantec employee Con Mallon told BBC.  

The 43 million were victims of the scareware threat from July 2008 to June 2009, when researchers began collecting information.

The overall threat of identity theft and bank fraud continues to increase as criminals use more sophisticated techniques to compromise PC users.  Furthermore, even more people around the world are now using the Internet to view bank information, pay bills, and shop online.

Cracking down on criminal enterprises tends to be extremely difficult, with many organized hacker groups operating in Eastern Europe, China, North Korea, and other locations in which it is difficult to identify suspects.



Comments

RE: Threats are real
By mechBgon on 10/20/2009 3:59:15 PM , Rating: 2
Step one: switch your users to low-rights accounts.

Step two: if your version of Windows can do Software Restriction Policy, throw that on in disallowed-by-default mode as well.


RE: Threats are real
By tmouse on 10/21/2009 8:18:27 AM , Rating: 2
It depends where you work. In many academic environments you cannot control the systems or lock things down. Also as mentioned earlier many legitimate sites now accept ads, that they have no control over, which could be infected. A multi-layered approach is necessary. That requires a solid firewall, network monitoring for compliance and, if possible, locking the system as much as possible. Even then at best all we can do is try to minimize the damage and downtime.


RE: Threats are real
By mechBgon on 10/21/2009 11:48:51 AM , Rating: 2
quote:
Also as mentioned earlier many legitimate sites now accept ads, that they have no control over, which could be infected.


It won't matter, if you follow the steps I just gave. I used to hunt scareware every day in the wild, and I know what works as prevention. Nothing is more powerful than making it impossible for your non-Admin (or something exploiting their session) to execute the Trojan in the first place.

quote:
In many academic environments you cannot control the systems or lock things down.


My sister's a librarian at a local university and they've made the leap. No more rogue user-Admins messing things up, that's IT's exclusive turf now. I do pity the people who can't use non-Admin accounts due to uncooperative software.


RE: Threats are real
By SpaceJumper on 10/21/2009 8:27:53 PM , Rating: 1
I agree 100%. The problem lies between the seat and the keyboard.


RE: Threats are real
By tmouse on 10/22/2009 9:37:55 AM , Rating: 1
Being a librarian at a local university and researchers at major academic institutions are two completely different worlds. Universities make a lot of money from grant overhead (70% +). If you try to force rules on them they will walk and take the money with them. This can affect the bottom line and affect endowments. Some places have been successful in enforcing some restrictions; many have not. I do not know of any that have limited software installation on research boxes (academic freedom can cause a lot of unwanted difficulties). It's simply not the same as a business. Limited rights are good measures but they are not a cure-all; how do you know the software you get is clean? You rely on the duplicators' or online distributors' use of AV programs. I've seen some very sophisticated attacks that reside in caches that are allowed on networks and can infect machines doing permitted program installations. A multi-tiered approach is ALWAYS the best, and one should never totally rely on any one method, but we have to balance security with convenience. Telling people to ignore AV is simply bad advice.











Copyright 2014 DailyTech LLC.