Pumpkin Party

September 10th, 2015 | ClearPath


Halloween is a few weeks away, and it’s your turn to host the neighborhood Halloween party. You want your party to be memorable, so you search for “Halloween party” in your favorite Internet search engine, and at the top of the list is a link to a video that promises to show you how to throw a terrific party on a limited budget – just what you were looking for!

You click, and there it is, but it doesn’t play. Oh, wait, there’s a note at the bottom of the player that says, “If this video doesn’t start playing, click here to download the latest flash player.” You click. A pop-up window tells you the software source can’t be verified and warns you about continuing. Hmmph! What a nuisance! Everybody knows that Flash comes from Adobe, so you ignore the warning and click the “Continue” button.

It’s trick-or-treat time, and you’ve just been tricked!

But you don’t know it yet, so you wait for the download, and then you get a warning, saying that your computer is infected with a virus. The popup offers to do a scan, so you take the offer – after all, the window header says “Microsoft Malicious Software Removal Tool”, and you know you can trust Microsoft. As you watch the screen, you see that you have not just one but 45 instances of malware on your poor, infected PC.

The scan window offers to show you third-party software that can remove the malware, and it even evaluates each according to how well it will do against the particular problems on your PC. One vendor stands out, and it must be good, because the scan window shows you that it is rated higher than any anti-virus vendor you’ve ever heard of before.

You really want to get started on the detailed party planning, but because you’re conscientious about your PC’s health and welfare, you follow the link to the top-rated solution. Fortunately, it’s not a budget breaker: $39.95 for a year’s license. The web page includes graphics that show several certifications that you’ve heard of, so you figure it must be safe. Not only that, but you can see from the extensive configuration options that after you register and pay for it, you’ll have some full-featured protection. Before the software can work its magic and remove the malware, you have to register and purchase a license, so you get out your credit card, enter its numbers along with various other information about yourself and submit your payment.  This enables the “Remove Malware” button, and shortly after you click it, your new anti-virus software reports that it has cleaned out all infections from your PC and you’re safe. You pat yourself on the back for finding this gem, because the major brand software you’d previously installed didn’t find any of these problems, but now you’ve got the good stuff!

Your only disappointment is that after all this, the party planning video still won’t play. Disappointed, you give up on the video and head to a nearby farm to pick out spectacular pumpkins that will wow your neighbors. As you climb in the car, a criminal organization on the other side of the world is bundling up your credit card data and personal information along with those of thousands of other victims, to be sold in bulk at $2 per card (or more, if you have a high credit limit or a long expiration period) on one of several criminal information exchanges. Your PC is now hosting malware that has disabled your legitimate anti-virus software and left a bot in its place that can be controlled from far away when it’s time for the next exploit.

Fake anti-virus software accounts for about 15% of the malware on the web, and it’s a growth industry in which major players are profit-oriented criminal enterprises. A 2010 analysis of Internet sites found over 11,000 domains involved in fake anti-virus distribution, and there are a lot more now. The sophistication of their deceptions continually increases, as does the tool support available to them. For example, attackers can use special software to poison the search results from popular search engines to make their sites get high relevancy ratings. Furthermore, the alleged certifications were just graphics, not legitimate live links, and the window title you read didn’t really come from Microsoft. The download wasn’t installing a Flash player, and it didn’t come from Adobe. It wasn’t removing malicious software – just the opposite! (Read about a warning and some recommendations from Microsoft, “Watch out for fake virus alerts.”)

By the way, you did watch a video, but not the one you expected. That window that claimed to show the results of a scan of your PC was a canned video that served its purpose – luring you to buy fake anti-virus software.

Happy Halloween! The scariest creatures aren’t ringing your doorbell and calling “trick or treat” – they’re sitting at computer terminals and living off your credit cards!


Tags: fake anti-virus software, Halloween, Identity theft, Security, malware, virus


ABOUT THE AUTHOR

Dr. Glen E. Newton

Dr. Glen Newton is a consulting engineer and the security architect for the ClearPath OS 2200 product line. Glen’s career with Unisys has spanned over 40 years in the areas of security, operations management, and operating systems.