
Web-Users Fall For Fake Anti-Virus Scams 272

jhernik writes "Fearing their computers may be prone to viruses, many web-users download fake anti-virus software, only to find later that their bank details have been hacked. According to the latest research by GetSafeOnline.org, the UK's national internet security initiative, a rising number of organised criminal gangs are tricking security-conscious internet-users into purchasing anti-virus software to access their bank details. Posing as legitimate IT helpdesks, these fraudsters target internet users concerned about protecting their computers. By offering free virus checks, they normally tell consumers that their machines are infected and offer fake security software protection – usually costing around £30 – which is actually malicious software in disguise." The fact that there is such a thriving market for fake AV scams really says something about the present state of the legitimate AV market.
This discussion has been archived. No new comments can be posted.

  • by Monkeedude1212 ( 1560403 ) on Monday November 15, 2010 @12:48PM (#34231846) Journal

    how about some intelligent discussion about either educating the general public or another more intelligent solution?

    We did that about 10 years ago when this story was fresh.

    We've been doing that for the past 10 years. And we've decided that PEBKAC.

    My idea of an intelligent solution is an infectious antivirus - spreads like other viruses do, via email, poisoned URLs, phishing, etc etc - use all the vulnerable vectors you can to spread an antivirus. It goes and tries to remove any viruses it can find and occasionally calls back to some central server for an updated list on new threats and how to combat them.

    Not a perfect solution, but I think we need to start fighting fire with fire.

  • by Anonymous Coward on Monday November 15, 2010 @12:50PM (#34231868)

    ... about 4 times in the last month, someone calls us (UK) from an international number saying the computer has a virus.

    The summary doesn't give much weight to it, but that's the newer news here, that there are call centres set up just to do this...

  • Re:PEBKAC (Score:3, Interesting)

    by Tanktalus ( 794810 ) on Monday November 15, 2010 @12:55PM (#34231944) Journal

    This is the reason I clicked on the story at all. Just two weeks ago, my mother (59) called in a panic about over 300 viruses that some program found, and was about to click on the "run this executable" popup that IE gave her (my father won't let her run Firefox? Not that FF is likely to have stopped this*) when she thought to call someone. She tried to get a hold of my father, but he wasn't available, so she called me. I told her it was a scam, and to abort immediately. Not knowing really what else to do, I asked her to ensure her legitimate virus scanner was run that very night just to be sure. I think the trouble was averted, but only barely. It's an effective social hack. The question that makes it worth discussing is what, if anything, can we do technically to stop these hacks, and, in the meantime, what can we do socially to educate?

    (*) I've seen the scam on Firefox, too, although that was years ago. FF may be blocking it since, I guess I don't know. But I found it funny because, of course, it looked like a bunch of Windows windows, which looked really out of place on my KDE/Linux desktop. And I knew that even if I did download it, it would be unlikely to be able to do anything (not that I did download it).

  • Re:Ugh (Score:4, Interesting)

    by gad_zuki! ( 70830 ) on Monday November 15, 2010 @01:06PM (#34232054)

    >so it's the users installing it and not just holes in the system being exploited.

    Are you sure about that? The analysis of various crimepack stats posted by Brian Krebs [krebsonsecurity.com] shows that the vector for these infections is usually (in order) Java, Adobe Reader, Flash, and browser exploits. So let's assume you patched these machines using Windows Update. That means you patched any known browser exploits, but the malware writer can still try various Java, Reader, and Flash exploits.

    I think the real issue currently is how poorly these app updaters are written. Reader may never ask to do an update unless you manually start it once to install the current version of Adobe Updater. Java, depending on the version, either sits quietly in the tray asking for an update or never bothers. Flash asks at startup sometimes, but it may only update IE, but not Firefox.

    For end users who have no clue, which is most of them, these apps should just be set to auto-update without asking. Admins and power users can edit this as needs be. In the meantime, it's pretty trivial to infect a machine. Almost no one makes an effort to patch these apps.

    I don't believe the problem is PEBCAK as we like to think. Browser plugs are a serious issue. They're just not being updated.

  • Re:PEBKAC (Score:3, Interesting)

    by Bert64 ( 520050 ) on Monday November 15, 2010 @01:09PM (#34232144) Homepage

    These people are not the problem, the idea of giving such people full access to a full blown computer connected to a public network and running a fully fledged os designed to make such things trivial is the problem...

    You don't let people drive cars, fly aircraft or do various other things unless they have received proper training, and using a computer should be no different. Such users don't need a full blown computer, they need a simplified appliance that is controlled by someone else (who knows what they're doing)... This is part of the appeal of Apple's walled garden.

    My grandparents have a Linux box, it runs the apps they want (browser, manage photos and videos, IM client, email client, music and video player) and if they want anything else they can acquire it from the Ubuntu repository... They can install apps from the repositories, but can't add new repositories or execute anything they might download by hand. I configured the system and provide support and maintenance if necessary, so far it hasn't been. If they received a notice telling them their machine had malware installed and asked them to input card details, the first thing they would do is call me.
    For people without technically literate grandkids, there should be paid services like this.

  • by vlueboy ( 1799360 ) on Monday November 15, 2010 @01:21PM (#34232318)

    Besides the null legality of infecting PCs with legit antivirus software for the greater good, there is a secondary problem.
    Any tech-savvy user with their own AV solution will most likely see their PC acquire a second set of system-hogging antivirus software. Ever installed two concurrent firewalls on your PC and seen that neither one complained? Yup, don't expect coders to make the right assumptions.

    You might instead have chosen to stop using ANY antivirus -- then you get mad this virusy antivirus has to keep being removed over and over to free your PC. If coders create an opt-out flag for your registry so the AV will run and not force itself upon you, then we all know real viruses will be the first ones to set it to "true" to actually avoid getting removed. So then the AV writers would have to counter by forcing a full virus check on both the conscious-antivirus-avoiders and the unsuspecting infected users, to play it safe before the software decides it needs no further cleanup action on the avoiders' PC. And then virus writers could just kill that would-be helpful scanner and prevent the real legal-and-virusy-AV's install anyway.

    Where does the war really stop?

  • Re:Ugh (Score:3, Interesting)

    by gad_zuki! ( 70830 ) on Monday November 15, 2010 @01:46PM (#34232678)

    Who is sandboxing? Sure IE by default runs in protected mode, but the plugins I mentioned do not. Suspicious links are meaningless, these exploits do not require visiting some odd link. Most of these hackers take over ad servers and push malware in ads on legitimate sites.

    AV software is also useless. These guys are compiling multiple versions of their malware per hour. Your AV can't keep up. By the time the AV vendors have a signature it's 12-48 hours too late and that build is removed from production.

    Remember, we're talking out of the box security for end users - they're not downloading VMware and loading VMs or using sandboxie. We need better out of the box security. Plugin writers need to have auto-update running daily without user intervention. Expecting the end user to run all these apps and go to Help > Update is a failed strategy.

  • Re:Or... (Score:3, Interesting)

    by Schadrach ( 1042952 ) on Monday November 15, 2010 @03:42PM (#34234562)

    I'm not talking about irremovably bundling it into the OS, I just mean something as simple as recommending it or even displaying it in a list of other AVs noting price points when the user clicks on the "You have no antivirus, click here to get one installed, numbnuts!" red shield.

    You know, something like:

    1. Norton: $x/year
    2. McAfee: $x/year
    3. AVG: $x/year
    4. AVG Free: Free!
    5. Microsoft Security Essentials (Recommended): Free!
    6. I have my own choice of antivirus that I will install.
    7. I have my own antivirus already installed that you do not recognize, and I will monitor it myself.

    Add whoever else you like to that list.
