How to Spot Fake Anti-Virus Software


This is a very good article on fake anti-virus software and its implications.

Take the time to read it and you may prevent the pain of Identity Theft and Credit Card Fraud!!!

Article by Sue Marquette Poremba

Fake anti-virus (AV) software is a pain in the rear. It’s annoying as all get-out. And it can do a lot of damage to your computer. Just when you think you’ve figured out that it’s fake, the bad guys make changes.

If you’re lucky enough to have never experienced fake AV, it usually arrives as a piece of malware that pops up on your screen with a dire warning that your computer is infested with viruses — a lot of them.

If you click on the button, it offers to download the AV software to “clean” your computer. But that’s not a good idea.

“There are many versions of fake AV currently circulating on the Internet today,” said Raul Alvarez, senior security researcher for Fortinet’s FortiGuard Labs in Sunnyvale, Calif. “While there are different variations, styles and names, they all share a common feature set.”

Anatomy of a scam

The first feature is a professional-looking graphical user interface that makes it look like a legitimate anti-virus application. Once the fake AV gets into a user’s computer system, it launches the interface and pretends to begin “scanning” the computer.

Once the “scan” is finished, fake AV typically tells the user that the system is riddled with malicious software.

Next comes the crucial part: The fake AV wants payment in order to “clean” the system of all that bogus malware.

But don’t enter that credit-card information. Once you do, all that data gets shipped off to Eastern Europe or Brazil, and you immediately become a prime candidate for identity theft.

Even worse, some fake AV loads real malware, meaning you’ve just paid to have your computer infected, and others log your keystrokes or try to steal other information from your machine.

The new breed

Alvarez and his colleagues recently found a new variant of fake AV that’s got a brand-new look. They’ve given it the catchy name of W32/FakeAV.RA!tr.

“Once the malware is installed, an infected user receives a warning message that reads the software has discovered a spyware infection,” Alvarez said.

The warning balloon looks like it’s coming not from some random anti-virus software that you’ve never heard of, but from the real anti-virus package you’ve already installed. That’s pretty sneaky.

The next part of the scam is par for the course.

“When a user clicks on this warning message, a new application window that resembles a legitimate anti-virus application appears, starts ‘scanning’ the system and begins displaying detected infections,” Alvarez said.

“Once the detection phase is complete, a new window appears that displays the number of infections the software has discovered. The window also includes an option for the user to remove the detected threats or ‘Continue unprotected.’ Common sense dictates a user selects remove the ‘threats.’”

If you continue to click through, you’ll next be asked for your credit-card information and you are taken to a checkout screen. Then things get bad.

“This version of fake AV displays a warning message whenever a user tries launching a program and is particularly nasty as it doesn’t allow a user to launch any applications from their computer,” Alvarez said.

How to protect yourself

Computers are infected with fake AV through infected email attachments, links within emails or social-media links that lead users to malicious sites that automatically infect PCs and Macs via drive-by downloads.

The trick to avoiding fake AV infection is to know what’s already on your system. You should already have genuine anti-virus software that you’ve personally bought or installed.

Alvarez recommended being familiar with your anti-virus software and knowing what it looks like when it prompts you for an update, if updating isn’t done automatically.

If an update or scan prompt doesn’t match your regular anti-virus software prompt, fake AV has most likely made its way onto your computer.

“Don’t forget, you already paid for the software on your computer,” Alvarez said, “so if you are being asked to pay for something, it is fake.”

If you do end up with fake AV on your system, be assured that you aren’t alone — this is a billion-dollar business for criminals.

First, scan your computer with your legitimate anti-virus software. If it’s blocked by the fake AV, reboot your computer in “safe” mode and scan again.

“In addition, it is advised to do an ‘offline scan,’” Alvarez said. “This means a computer should be scanned and cleaned outside of the full operating system to complete remediation.

“This requires a restart into the Windows Pre-installation Environment (WinPE) to run a scanning utility, such as Windows Defender Offline scan tool,” he added.
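The two checks described above (knowing which anti-virus product is really installed, then scanning with it and falling back to an offline scan) can be scripted on Windows. This is an added example, not code from the article or from Fortinet; it assumes a Windows 10/11 client with the Microsoft Defender cmdlets available and an elevated PowerShell session, and the `-QuickScan` and `-OfflineScan` switches are names chosen for this sketch.

```powershell
# Added example (not from the article). Assumes a Windows 10/11 client with the
# Microsoft Defender cmdlets available and an elevated PowerShell session.
param(
    [switch]$QuickScan,    # run a Defender quick scan inside the running OS
    [switch]$OfflineScan   # restart into Windows Defender Offline; save your work first
)

# 1. List every anti-virus product registered with Windows Security Center.
#    (root/SecurityCenter2 exists on client editions, not on Windows Server.)
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct

$report = foreach ($p in $products) {
    $exe = [Environment]::ExpandEnvironmentVariables([string]$p.pathToSignedProductExe).Trim('"')
    $sig = $null
    # Some products register a URI such as windowsdefender:// rather than a file path.
    if ([System.IO.File]::Exists($exe)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $exe
    }
    [pscustomobject]@{
        Name      = $p.displayName
        Path      = $exe
        Signature = if ($sig) { [string]$sig.Status } else { 'NotChecked' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}
$report | Format-List

# 2. A registered product whose binary is not validly signed, or one you do not
#    remember installing, is worth investigating before you trust its prompts.
$report | Where-Object { $_.Signature -notin 'Valid', 'NotChecked' } | ForEach-Object {
    Write-Warning "Check '$($_.Name)': signature status is $($_.Signature) ($($_.Path))"
}

# 3. Scan with the real engine: refresh definitions, quick-scan, list what was found.
if ($QuickScan) {
    Update-MpSignature
    Start-MpScan -ScanType QuickScan
    Get-MpThreat
}

# 4. Offline scan: restarts the computer into Windows Defender Offline and scans
#    before the full operating system loads.
if ($OfflineScan) {
    Start-MpWDOScan
}
```

Run it with no switches first to review the inventory; a product name you do not recognise in that list is the signal the article describes.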

Article Source: Security News Daily

Internet Crime and Taxes are two of life’s certainties

AVG (AU/NZ) reminds consumers and small businesses to be alert to the latest online scams and phishing attacks targeting this tax return season.

MELBOURNE, 13 June 2012 — Ahead of this year’s tax return season, AVG (AU/NZ) Pty Ltd, distributor of AVG Technologies’ award-winning AVG Internet and mobile security software in Australia, New Zealand and South Pacific, alerts consumers and small businesses to the latest attempts by cyber criminals to gain access to lucrative identity and financial information.

With upwards of 2.5 million individuals using the Australian Tax Office’s e-Tax electronic tax return service, cyber criminals have a huge, potentially receptive audience for their activities.

Security Advisor at AVG (AU/NZ), Michael McKinnon, said: “Internet crime and taxes are now two of life’s certainties. Cyber criminals are starting to release this year’s crop of end of financial year scams to trick taxpayers into revealing highly valuable personal and financial information. As younger members of the community join the workforce and others shift from paper-based to online tax return processes, there is always a new audience for inventive tax season scams.”

There’s a certain inevitability about June 30: it will bring new ways to scam the unwary and new phishing frauds asking for your credit card details including:

  • Offers of government grants needing to make payments prior to the end of the financial year.
  • Prompts for baby bonus applications.
  • Assistance to find lost superannuation funds.
  • Notification that your company tax rate has changed.

The Government’s SCAMWatch website is currently alerting Australians to be aware of Carbon Price scams seeking your personal banking details to pay carbon tax compensation into your bank account or offering to sell you fake carbon credits.

Many of us now communicate directly with tax advisors via email so other tricks include sending phishing emails that ask you to open what appear to be legitimate attachments to fill out personal details. The simple act of clicking on that attachment could redirect you to a malicious website, or deliver to your computer an infection that could launch an attack on your accounts and extract financial details.

McKinnon said: “When you consider all the information included in your return – your tax file number, details of investments, retirement accounts, employment, the property you own – in the hands of cyber criminals, your identity and more could be at risk. And if you see an offer that looks too good to be true – avoid it. Any offer of an online refund will absolutely be a scam because that’s not how the ATO or any other Australian government agency operates.”

Some top tips to help you safely file your tax return this year:

  • Use the end of financial year to review your personal or business online security systems to ensure your protection is fully and automatically up to date – on all computers, phones, other mobile technologies, plus USB and other memory devices from which you will gather, store and send your financial information.
  • Do your homework by reviewing the ATO and SCAMWatch online security pages.
  • In communicating with your tax advisor, consider creating a password protected Zip file of your financial data.
  • Always open your e-Tax filing directly from the ATO’s site (www.ato.gov.au); never click through to the site from an email invitation. The filing of tax returns directly via the ATO’s e-Tax service is secure.
  • Always use a trusted WiFi or Ethernet connection from your home or office to file your tax return – never use a public WiFi without a firewall in place and Internet security installed.
  • Be cautious of anything that you haven’t directly requested and only respond to those communications you’ve initiated.
  • Delete all related emails from your server once you’ve filed your return.
  • While the ATO uses emails and SMS for service alerts, it will never request the confirmation, update or disclosure of confidential personal details. If you receive suspect communication from ‘the ATO’ or any other ‘government department’, do not click on any links in an email or answer phone questions. Report it immediately to the ATO.

Tax Time Cyber Crime Assistance

  • Examples of current Tax Refund scams: http://www.ato.gov.au/onlinesecurity
  • The Australian Government’s cybersecurity website, Stay Smart Online, provides information for Australian Internet users on the simple steps they can take to protect their personal and financial information online.
  • Australian Competition and Consumer Commission (ACCC)’s SCAMWatch provides information to consumers and small businesses about how to recognise, avoid and report scams.

Scareware Part 2

Malware/Scareware Threatens to Sue BitTorrent Downloaders.

A new malware scam is trying to trick BitTorrent users into paying for illegally downloading copyrighted material.

The malware displays a box with the message “Warning! Piracy detected!” and opens up a web page supposedly run by a Swiss company which states they are “committed to promoting the cultural and economic benefits of copyright.”

The fake company, the ICCP Foundation, claims to be sponsored by the Recording Industry Association of America, the Motion Picture Association of America and others. TorrentFreak, which was the first to discover the malware, wrote that, “It appears to scan the user’s hard drive for .torrent files and displays these as ‘evidence’ of an earlier infringement”.

Victims are warned of possible imprisonment and fines, and given the option of “settling” the “case” for a one-time payment of $400, by credit card.

Obviously you would be crazy to hand over your Credit Card details, but it only takes a small percentage of victims to fall for the scam to make some serious cash, which is why the scammers go to the trouble.