We got hit with this scam.
Real Live Support Services with Fake Antivirus
By Deb Radcliff, MyIDMatters Editor
Criminals are still using pop-ups to scare people into thinking their computers are infected with viruses, then into clicking on, and even paying for, fake antivirus software. That software is actually malware for hijacking Web browsers and e-mail accounts, installing key-loggers and stealing financial data.
What's new is they're upping the legitimacy quotient by using live chat sessions during which live "tech support personnel" further convince potential victims that the pop-up is legitimate and that they can help clean off the viruses.
In one instance monitored by Symantec researchers earlier this year, a criminal organization used a legitimate program called LiveZilla to reach out to potential victims via a "Live PC Care" program. Clicking the link for live support brought users into a chat window with a Windows logo on the left, a picture of a helpful operator on the right.
In this particular session, posted on Symantec's "Security Response" blog, live support gave seemingly legitimate reasons why the consumer's existing antivirus protection may not have been working. They said, for example, that the anti-malware was outdated or had been disabled by new malware seeking to load more viruses. (Ironically, the rogue antivirus software being pitched does exactly the latter.)
Criminal organizations are upping their tactics in order to continue feeding what has been a lucrative market. Symantec's Security Technology Response team on rogue antivirus software found one distribution site, for example, to be earning $332,000 a month for installing rogue security software programs.
The response team counted more than 43 million victims who purchased and applied the rogue antivirus from July 2008 through June 2009. Victims pay $30 to $100 for the rogue software, plus unknown costs from account and financial data that is stolen and used as a result of the infections, according to the report.
These fake warnings pop up on a computer in multiple ways, says Kevin Haley, director at Symantec Security Response.
One of the most prevalent ways is through "poisoned" search results. This happens when the malware distributors are able to fool search engines into believing they have relevant information on some topic currently in the news. End users are then directed to that site when they search on the topic. These types of attacks also could pose as legitimate advertisements on other sites, he adds.
"These Web sites will pop-up a browser window on your screen that looks like a system message," Haley says. "The pop-up will warn you with big flashy messaging that you have malware on your machine."
"WARNING! YOUR COMPUTER'S INFECTED"
By the time you see a message of infection in big, bold letters on your computer, it's probably too late. The very message you're seeing is part of a complex malware package loading through your browser.
So what do you do if you encounter one of these scary warnings? Kevin Haley, director at Symantec Security Response, advises the following:
Close your browsers immediately. The cybercriminals try to make this hard to do. So if you're in Firefox or Windows IE and can't close the browser in the normal way, hit Ctrl+W to close the tab or try Ctrl+F4 to shut the window. Alt+F4 should work to close the entire application, but if not, you can press Ctrl+Alt+Delete to quit the browser in the Task Manager.
If the warning message persists after closing the browser or if you are unable to close the browser, the rogue antivirus program has successfully installed on your PC. In order to protect contacts in your e-mail address books and safeguard financial, account and password data on your computer, disconnect from the Internet and take the machine in to a trusted computer repair provider.
Be wary of any security warning that pops up on your screen from a product you have not already purchased, Haley advises.
"No legitimate security program will scan your machine unless you've asked it to," he says. "And when we do find malware on your machine we will notify you [in the scan report], but we are not going to get in your face and try and scare you."
Keeping browsers patched and up to date and having good security software installed and kept up to date will prevent a lot of these problems. Always be on the lookout for newer, more clever forms of these fake antivirus programs. As Haley says, "New twists surface all the time."