It's become an all-too-common scam: A legitimate Web site pops up a window that looks just like a real security warning. It says there's something wrong with the computer, and click here to fix it. A few clicks later, the victim is paying out US$40 for some bogus software, called rogue antivirus.
Rogue AV scams have become a big problem in recent months, but according to Trend Micro CEO Eva Chen, it's part of a more sinister, strategic attack on the antivirus industry in general. Criminals "can fake any other application. Why do they fake AV?" she asks.
According to her, a lot of today's security problems are designed not only to steal information from victims, but to undermine the credibility of companies like Trend Micro itself.
One way hackers have done this is by changing the way their software is put together each time they attack, forcing the AV vendors to bloat up their products with hundreds of thousands of new detection signatures.
In response, Trend was one of the first companies to push reputation-based technology into its antivirus products, developing its Smart Protection Network to identify and block not just viruses themselves, but also the malicious Web sites that are used to distribute malware.
PC World
Showing posts with label rogue AV.
Saturday, October 24, 2009
Friday, October 16, 2009
A Rogue Demands A Ransom
One strain of the rogue AV, currently called Total Security 2009, will now block access to anything on your PC until you pay for a serial number for the rogue program. Attempts to open anything will instead pop up a message claiming that the file is infected, and that you should "activate your antivirus software." Paying $79.95 for a serial number and "activating" the program allows you to use your PC once more, according to a post from antivirus maker Panda Security, but doesn't get rid of the scamming software.
Ransomware that holds files hostage has been around for years, but it has been a relatively small niche in the online black market. But where previous extortion attempts were obvious, even clumsy, this new twist uses yet another layer of social engineering to disguise the ransom demand as a supposed safety measure.
If you or someone you know is unlucky enough to fall victim to this rogue, Panda has posted a batch of serial numbers that will activate the fake app and unlock your files (next step would be to run all the real AV scans you can). However, scammers constantly change their rogue apps in an attempt to stay ahead of the real security software, so these numbers may not remain useful for long. Panda also has a demonstration video in its post.
PC World
Saturday, October 3, 2009
Alert: Microsoft Security Essentials SEO Poisoning
Threat Type: Malicious Web Site / Malicious Code
Websense Security Labs™ ThreatSeeker™ Network has discovered that search engine results for information on how to download Microsoft's recently released Security Essentials tool are returning links to Web sites that serve rogue AV.
Read more at: WebSense
Much thanks to Eric Cissorsky for the alert on yet another naughty cybercriminal trap!