Friday, October 23, 2009
Phishers Dangle Some Brand-New Bait
In September 2009, some unlucky visitors at the New York Times Web site clicked on an ad that attempted to install malware. The advertisement displayed a popup window informing readers that their computer might be infected with a virus; only by purchasing a new antivirus product could they be sure of having a clean system.
The Times later acknowledged the scam in a posting on its Web site: "Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software.... If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser." Phishers and scammers use this and other new tactics to deceive unsuspecting victims.
Phishing refers to an attempt to collect usernames, passwords, and credit card data by posing as a legitimate, trusted party. Often the deception involves using e-mail sent from a trusted address. Originally, phishing applied to the banking and payment industry only, but now it also covers theft of log-in credentials for games and of personal passwords for social networks such as Facebook and Twitter.
Most people wouldn't reveal their social security number or mother's maiden name at a strange site. Modern browsers and security software flag such content and ask you whether you're sure you want to send it; some block it with a red-and-black warning label. So phishers have adopted new tactics.
Fake Antivirus Software an Emerging Problem
Rogue antivirus products are among the latest phishing instruments to appear, and many are quite convincing. Bearing names like Antivirus 2009, AntiVirmin 2009, and AntiSpyware 2009, they have interfaces similar to those of real antivirus apps. Some rogue antivirus products have their own keywords on search engines and cite fake reviews recommending them (including one that I supposedly wrote).
The rogue antivirus product that showed up on the New York Times site installed malware that, if executed, would have lowered the security settings in Internet Explorer, run executable files, and altered the system Registry. Such actions by phishing malware are fairly common. The real security apps knew it, too: legitimate antivirus vendors AVG, Comodo, Kaspersky, McAfee, Microsoft, Nod32, and Sophos (among others) detected this particular piece of malware within the first few hours.