09/18/2011

Fake Antivirus Software Showing up on Legit Websites

For a while it seemed the fake antivirus software world was going to continue growing unchecked, but as pointed out by ZDNet's Ed Bott in his piece "Who killed the fake antivirus business?":

"The fake-antivirus business was a big money-maker in the first half of this year.

"Then, at the end of June, fake-AV products practically disappeared from the web.

"Was it technology, or does traditional law enforcement deserve the credit?"
Ironically, just two weeks after his piece, uTorrent (a company offering legitimate BitTorrent software) had its web servers broken into and its legitimate BitTorrent installer replaced with fake antivirus software.

As it turns out, the server in question, according to the geek.com piece, was only online with the phony antivirus software/malware for an hour and 40 minutes, from 4:20AM 'til 6AM PST.

A response of under two hours to identify the breach and take the server offline, especially in the wee hours of the morning, is really quite good. (Unless, of course, you downloaded uTorrent in that block of time.)

Here's what one version of the Security Shield fake antivirus software looks like:

(Notice the bad grammar in the fake software's interface: "Protect your PC in new level.")

Matthew Humphries, the geek.com writer behind the story, goes on to say,

"uTorrent has now apologized and managed to get their servers back online after removing the rogue files.

"If nothing else, this should act as a reminder to everyone to ensure any files you download from the Internet are scanned with a reputable security scanner before being run, as clearly you can't trust legitimate sites all of the time."
I couldn't have said it better myself.

And that, my friends, is why antivirus software is a must.

Even huge companies like Sony have suffered major break-ins in recent months; Sony's entire PlayStation Network (PSN) was taken down for weeks as a result. So even when you're downloading software from a known, trusted source, who's to say their servers haven't been compromised?

09/09/2011

TDSS Botnet Has a Firefox Add-On?!

Too weird and too bold to be true, yet still true.

The TDSS botnet is regarded as the most sophisticated threat today, according to Kaspersky Labs, makers of Kaspersky Antivirus.

And now, apparently, the botnet is proving such a menace and so difficult to detect that its creators have gone so far as to create a Firefox add-on, making it easier for anyone renting the botnet for anonymous surfing to switch from one hijacked connection to another.

Brian Krebs has more detail in his piece, "TDSS Rent-a-Bot Botnet Details."

What's so scary about this aspect of the TDSS botnet, which appears capable of being put to almost any use, is that it means a stranger can surf the web as if from your computer, doing whatever they want while their traffic appears to come from you.

Here's a screenshot of a few of the infected PCs being rented for web proxy service:

The evil possibilities are endless.

Imagine what you could never imagine you doing yourself on your computer. Imagine what you'd never want your computer being used for. Now, imagine someone else is doing these things on your computer. And you don't even know it.

In my mind, I'd call Kaspersky's assessment spot on.

And if, as you read this, you're thinking to yourself, "Oh, but I know my computer isn't infected. I'd know it! Pfft. I don't need antivirus software." Sure about that, are you?

Sure enough that you can explain why your computer was downloading illegal pictures at 3AM? Or pirated Hollywood movies? Or stolen data from a military base?

You're that sure, are you?