Rogue security software now a top threat - Computer Business Review : News

Rogue security software now a top threat
Published:08-April-2009 | By Kevin White

Microsoft charts rise of malware in fake security software

(Editor's Note:  I've provided examples of Rogue Software Sites below)

Security intelligence gathered by Microsoft Corp shows a significant increase in rogue security software or ‘scareware’ that lures people into paying for protection that, unknown to them, is actually malware often designed to steal personal information.

According to the latest Microsoft Security Intelligence Report released today, rogue programmes known as Win32/FakeXPA and Win32/FakeSecSen were detected on more than 1.5 million computers.

Win32/Renos, another threat that is used to deliver rogue security software, was detected on 4.4 million unique computers, an increase of 67% percent over the first half of 2008.

Vinny Gullotto, general manager of the Microsoft Malware Protection Centre said, "We see cybercriminals increasingly going after vulnerabilities in human nature rather than software.”

He said the security industry needs combat the next generation of online threats through a community-based defence and broad industry cooperation with law enforcement and the public.

Rogue security software and other social engineering attacks compromise people's privacy and are costly; some take personal information and tap into bank accounts, while others infect computers and rob businesses of productivity.

Steps can be made to counter the problem, and the report recommends that security managers always configure computers to use Microsoft Update instead of Windows Update.

They should also use the Microsoft Security Assessment Tool (MSAT) to help assess weaknesses in their IT security environment.

Individuals are warned not to follow advertisements for unknown software that appears to provide protection and should avoid opening attachments or clicking on links to documents in e-mail or instant messages that are received unexpectedly or from an unknown source.

The report also cited the biggest cause of data breaches as lost and stolen computer equipment, which it reckons makes for 50% of all reported incidents.

PIN Payments News is Providing Warnings on the following rogue sites:

TheGreatSecurity.com  is a scam website designed to sell rogue anti-spyware programs. Upon entering the website you will be greated by a fake online system scan, which returns an exaggerated report full of non-existent infections. Afterwards the website will display some popups, which read:

    "The page at http://TheGreatSecurity.com says:   Your computer remains infected by viruses! They can cause data loss and file damages and need to be cured as soon as possible. Return to System Security and download it secure to your PC" or     "http://TheGreatSecurity.com says:  Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs." TheGreatSecurity.com is a malicious website, and should therefore be blocked using the HOSTS file.

WWWMobileReads.com is a malicious website, created for only one purpose - to sell rogue anti-spyware programs. WWWMobileReads.com provides a fake online system scan, which will attempt to scare the user with fake threats. Afterwards it will display a few popups with the same reason in mind. The popups read:

    "The page at http://WWWMobileReads.com says:      Your computer remains infected by viruses! They can cause data loss and file damages and need to be cured as soon as possible. Return to System Security and download it secure to your PC"  or      "http://WWWMobileReads com says:      Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs." MobileReads.com is a malicious website and should therefore be blocked using the HOSTS file.

JBF