Over the past few years, scareware (rogue security software) quickly emerged as the most profitable monetization strategy for cybercriminals to exploit. Due to aggressive advertising practices by cybercrime gangs, thousands of users are scammed on a daily basis, and the gangs themselves earn hundreds of thousands of dollars in the process. In this post you will learn what scareware is, the risks its installation poses, what it looks like, its distribution channels and, most importantly, how to recognize it, avoid it using antivirus software or any other method, and report it to the security community.
What Is Scareware?
Basically, scareware, also known as rogueware or, in simple terms, fake security software, is a legitimate-looking application that is delivered to the end user through illegal traffic acquisition tactics such as compromised websites, malicious advertising or black hat search engine optimization. Its goal is to fool users into thinking that their computer is already infected with malware, and that buying the app will help them get rid of it.
Upon execution, certain versions of scareware will not only prevent legitimate antivirus software from loading, but will also prevent it from reaching its update locations in an attempt to ensure that the end user cannot obtain the latest signature database. Furthermore, it will also try to make its removal a slow process by blocking the execution of system tools and third-party applications. There have also been cases where scareware with ransomware elements has encrypted an infected user's files, requiring a purchase to decrypt them, as well as a single reported incident where a scareware domain was also embedded with client-side exploits. At the moment, scareware versions are exclusively aimed at Microsoft Windows users.
How Does It Work?
Because the scareware campaigns maintained by partners on the affiliate network use a standard template distributed to all of them, all scareware sites share a very common set of deceptive advertising practices, which can help you easily detect them before you make a purchase.
For example, most scareware sites try to add more authenticity to their proposals by using "clickable" icons from reputable technology websites and performance evaluation services. Another popular social engineering tactic is bogus benchmarking templates, which basically show a graph where scareware outperforms software offered by some of the major security companies, since the end user who is about to make an impulsive purchase decision does not have the means to verify these claims.
The diverse list of tactics leads us to the ubiquitous fear-driven social engineering tactic of simulating a real-time antivirus scan in a progress dialog, which is actually nothing more than a static script, with anecdotal cases where Mac users are presented with a Windows-style window such as the My Documents folder. The scan results are static and bogus, and the page has absolutely no access to your hard drive, hence claims such as “You are infected! Windows has been infected; Warning: A malware infection is detected; A malware threat has been detected” should be considered a scare tactic.
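The static nature of these fake scans makes them easy to flag from page content alone. The following triage helper is an added example, not code from the original post: it checks a page's visible text for the alarm phrases quoted above, for Windows folder names served to a non-Windows browser, and for a purchase prompt following the alarm. The function names, the extra folder names, the purchase wording and the sample pages are assumptions constructed for illustration.

```python
import re
from html import unescape

# Alarm phrases quoted in the article, lower-cased.
ALARM_PHRASES = (
    "you are infected",
    "windows has been infected",
    "a malware infection is detected",
    "a malware threat has been detected",
)
# Windows-only names a canned "scan" shows to every visitor. "my documents"
# comes from the article; the other two are assumptions for illustration.
WINDOWS_ARTIFACTS = ("my documents", "local disk (c:)", "c:\\windows")
# Assumed wording of the sales pitch that follows the fake scan.
PURCHASE_CUES = ("buy now", "purchase", "activate full version")

def visible_text(html):
    """Drop script/style bodies and tags, collapse whitespace, lower-case."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1\s*>", " ", html)
    text = unescape(re.sub(r"(?s)<[^>]+>", " ", html))
    return re.sub(r"\s+", " ", text).strip().lower()

def scareware_indicators(html, user_agent):
    """Return the reasons a page looks like a fake in-browser scan."""
    text = visible_text(html)
    reasons = ["alarm phrase: " + p for p in ALARM_PHRASES if p in text]
    artifacts = [a for a in WINDOWS_ARTIFACTS if a in text]
    if artifacts and "windows" not in user_agent.lower():
        # A page cannot read the disk, so Windows folders shown to a
        # non-Windows client mean the "scan" is a fixed template.
        reasons.append("windows artifacts on non-windows client: "
                       + ", ".join(artifacts))
    if reasons and any(cue in text for cue in PURCHASE_CUES):
        reasons.append("alarm followed by purchase prompt")
    return reasons

# Constructed samples (not captured from any real site or browser).
FAKE_SCAN = """<html><head><script>var t = "purchase";</script></head><body>
<h1>Warning: A malware infection is detected</h1>
<div>Scanning My Documents ... 31 threats found</div>
<a href="#">Buy now to remove all threats</a></body></html>"""
BENIGN = "<p>Our guide explains how to purchase antivirus software.</p>"
MAC_UA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)"
WIN_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"

if __name__ == "__main__":
    for name, page in (("fake scan", FAKE_SCAN), ("benign", BENIGN)):
        print(name, scareware_indicators(page, MAC_UA))
```

A purchase prompt alone is never flagged, so ordinary vendor pages return an empty list; the helper is a triage heuristic for a proxy or crawler, not a replacement for reputation data.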
Among the key features of scareware are the professional design of the site, as well as the persistent rebranding of the template in an attempt to divert the end user's attention from the increasingly bad reputation of the previous brand on the web. Combined, these features result in an efficient scam powered by social engineering that continues to mislead thousands of victims on a daily basis.
Examples of Scareware
Some of the most common scareware attacks take the form of pop-up windows that pretend to be messages from an antivirus software program, a firewall application, or the Windows operating system.
Usually, they will inform you that your computer has been infected with malware and ask you to purchase an antimalware program to remove the virus. There really are no viruses and the antimalware program they are trying to get you to buy is not real. In the best case, you will lose the money you have spent on malware and end up with a rogue program that does nothing. In the worst case, the newly downloaded program will damage your computer or steal your information.
These are the main types of scareware:
· SpySheriff
· Antivirus XP
· Punisher adware
How to Protect Yourself from Scareware?
· Defending yourself against any online scam, including computer scareware, is about being skeptical and vigilant: always question any offer, paid or free, whenever a window pops up and says you need to download and install something.
· Only use a legitimate antivirus product that you trust.
· Read emails in plain text. Email without HTML is not aesthetically pleasing with all the graphics removed, but the spartan appearance prevents fraud by displaying suspicious HTML links.
· Never open attachments from strangers or from anyone offering software services. Be wary of any email offer that includes attachments. These emails are almost always scams and you should delete them immediately before they infect your computer.
· Be skeptical of any offer online and be prepared to close your browser immediately. If the web page you found gives you any sense of alarm, pressing ALT-F4 on your keyboard will close your browser and prevent any scareware from downloading.
What To Do If Your Computer Has Been Infected With Scareware?
· While scareware alerts are fake and should be avoided, they should not be completely ignored. Their mere existence is a sign that your computer is infected.
· To remove it, you may need to find the best antivirus software. Do your research; see if others are experiencing similar problems or symptoms and how they fixed them. The goal is to remove any signs of viruses and immediately reinstall any antivirus software that the virus may have removed or disabled.
· Finally, make sure your computer and software are up to date with all current patches and protection measures.
· What if an advertisement appears on the screen with dire warnings that your computer is infected? Never click on its "download" button.
· Always close the ad. Just be careful: some scareware is difficult to shut down and designed to trick you into accidentally initiating a download. It is better to close the browser rather than the individual pop-up ads.
· If the pop-up ad does not allow you to close the browser on your PC, press Ctrl-Alt-Delete to close it. If you can't close your browser, completely shut down your computer.
· Never provide credit card information or other personal information in response to one of these scareware advertisements.
· Don't let a scareware ad stop you from buying legitimate security software.
· Never download anything from a company whose name you don't recognize. And beware of fakes. Many scareware scammers will use names that sound like the names of legitimate antivirus programs.