Flash-based rogue AV targets users
Posted on 23.03.2012
The business of pushing rogue AV software onto unsuspecting users is quite lucrative, so it's no wonder that cyber crooks are still doing it.

But while most of the time users are saddled with scareware through drive-by exploits, every now and then the crooks still count on them to download the malware themselves.

In a recently discovered spam email campaign promoting fake AV, the links in the messages take users to one of over 300 compromised domains. Once users land on the page, a JavaScript message warning about a "critical process activity" prepares them for a fake scan which immediately starts "running".

"The page uses Flash making it look more convincing with realistic icons, progress bars, and dialog boxes," say the researchers. "Unsurprisingly, the fake antivirus detects plenty of viruses. Decompressing the Flash file and analyzing it shows a huge list of files contained within it. The Flash movie then simply picks some of these at random and claims they are infected (with equally random virus names)."

Users are then offered the option of removing all the found malware, but if they choose not to, they are bombarded with warnings about an imminent system crash and urged to change their decision.

If they do choose to remove the malware, they are offered a "Windows Risk Minimizer" for downloading and, once run, the fake solution does seem pretty legitimate. It also runs a scan and, unsurprisingly, finds that the system is overrun with malware.

If the users still fail to buy a subscription for the solution and simply close the window, the fake AV will constantly annoy them with pop-up warnings and balloon messages saying that a program has been blocked from stealing their data or that identity theft is in progress, and will even try to scare them with prosecution.

Of course, it claims that all these problems can be solved by simply buying a lifetime subscription and support for the fake AV. To do that, they only have to shell out $99,90.

Users are advised to regularly update their OS, browser and AV solution in order to minimize the risk of getting infected with this or other kinds of malware.
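The decompression step the researchers mention can be reproduced offline without running the Flash movie. The sketch below is an added example, not the researchers' tooling: it inflates a zlib-compressed (CWS) SWF and lists the file names embedded in it. The file-name pattern, the size limit and the stripped-down sample file are assumptions constructed for illustration.

```python
import re
import struct
import zlib

MAX_BODY = 64 * 1024 * 1024  # assumed cap so a crafted file cannot exhaust memory
# Assumed pattern: ASCII runs that look like Windows executable/library names.
FILE_NAME = re.compile(rb"[A-Za-z0-9_\-]{2,40}\.(?:exe|dll|sys)\b", re.I)


def inflate_swf(data: bytes) -> bytes:
    """Return the SWF in uncompressed (FWS) form, validating the header."""
    if len(data) < 8:
        raise ValueError("too short for a SWF header")
    sig = data[:3]
    declared_len = struct.unpack("<I", data[4:8])[0]  # length of the inflated file
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":
        # Everything after the 8-byte header is one zlib stream.
        inflater = zlib.decompressobj()
        body = inflater.decompress(data[8:], MAX_BODY)
        if inflater.unconsumed_tail:
            raise ValueError("body exceeds size limit")
    else:
        raise ValueError(f"unsupported signature {sig!r}")
    if declared_len != len(body) + 8:
        raise ValueError("declared length does not match body (truncated or altered)")
    return b"FWS" + data[3:8] + body


def embedded_file_names(swf: bytes) -> list[str]:
    """List unique file-name-like strings in the inflated body, in order of appearance."""
    body = inflate_swf(swf)[8:]
    found = (m.group().decode("ascii") for m in FILE_NAME.finditer(body))
    return list(dict.fromkeys(found))


def build_sample() -> bytes:
    """Constructed sample: a CWS header over a body that holds only a name list."""
    names = [b"svchost.exe", b"kernel32.dll", b"notepad.exe", b"svchost.exe"]
    body = b"\x00".join(names) + b"\x00"
    header = b"CWS" + bytes([9]) + struct.pack("<I", len(body) + 8)
    return header + zlib.compress(body)


if __name__ == "__main__":
    for name in embedded_file_names(build_sample()):
        print(name)
```

A long list of ordinary system file names inside a "scanner" page is consistent with the behaviour described above, where the movie picks entries at random and labels them infected.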

