Phony Anti-Spyware Software Lures Unsuspecting Users - InformationWeek


Phony Anti-Spyware Software Lures Unsuspecting Users


A scam that's spoofing Microsoft's Windows Security Center shows that phishers are increasingly abandoning the traditional e-mail ploy of telling consumers their bank accounts are at risk, a security expert said Tuesday.

Like the most dangerous and devious phishing attacks, this one is based on a Web site. Users enticed here face a fake portrayal of Microsoft's Windows Security Center.

The bogus site displays such factual information as the user's IP address, the browser being used, operating system, and country of origin. Along with that, however, the page claims that an attacker "has gained access to your computer and is collecting the information about the sites you've visited and the files contained in the folder 'My Documents.'" A pop-up also alleges that the PC has been infected with a rogue .dll -- a piece of spyware dubbed "W32.Sinnaka.a" -- that's collecting private data.

It's all a lie, said Patrick Hinojosa, the chief technology officer of Panda Software.

There's no such online edition of Windows Security Center -- that's actually an on-disk utility in Windows XP -- nor is there any legit malware by the name of Sinnaka.a.

But the scam is only beginning, said Hinojosa. Unlike other phishing fraudsters, these aren't after identities or even bank account numbers. Instead, they're trying to scare users enough that they click on one of the four links to purported anti-spyware tools with names like Spy Trooper, PS Guard, World AntiSpy, and Raze Spyware.

Users who click on a link to download one of these programs are told to register the program for a small fee: $10.

The fake site was slick enough to fool even Hinojosa for a moment. "I wasn't paying attention, and when I looked back at the JPEG [image screenshot] of the bogus site, I thought at first it was actually the Windows Security Center screen on my desktop," he admitted. "I had to look at it twice to tell it wasn't. This is certainly something that would fool most people. I could see my wife looking at this, and giving me a call telling me that our home computer was infected."

The four "anti-spyware" programs touted at the site aren't new to real researchers. Spy Trooper, for instance, is simply a renamed version of SpyDemolisher/SpySheriff/SpywareNo. All four are on Spyware Warrior's "Rogue/Suspect Anti-Spyware" list.

The ploy, of course, is to spook users with a bogus infection alert -- backed up by an interface that looks official -- then get them to reach for the first piece of software they see.

"Most phishing doesn't come via e-mail anymore," said Hinojosa, "not in the typical way we're used to, where a bank or PayPal says that you need to reactivate an account. Most come via a remote control Trojan or some kind of Web site scam, like this one."

Spam is still used to get traffic to a site -- including this one -- he added, but "the e-mail is up-front that it's selling something or directing you to a service site. Nothing up to that point is quote, unquote wrong in users' minds. They're on guard against the traditional phishing, but not this."

A cousin to "ransom-ware" -- the term some have slapped on malicious code that infects a PC, then demands money in return for cleaning up the machine or unlocking suddenly-encrypted files -- this technique isn't new. The Federal Trade Commission (FTC) has been busy during 2005, in fact, with lawsuits quashing other bogus anti-spyware schemes.

In August, the FTC announced a settlementh, a subsidiary of AOL, which stipulated that the SpyBlaster program would disclose it came with adware. Earlier in the year, the FTC moved against Spyware Assassin and SpyKiller 2005.

Even with FTC crack-downs, however, the bogus spyware approach won’t vanish. It's too lucrative.

"We're going to see a lot more like this," said Hinojosa. "Like mushrooms after a rain."
