Cyber criminals' new way to exploit the web to gain profit without first having to steal information
Dubai, United Arab Emirates -Trend Micro Incorporated, a leader in network antivirus and content security software and services, today announced that rogue security programmes are on the rise.
Unlike other threats that burst onto the scene with high levels of infection, these types of threats have been steadily increasing. Based upon data from Trend Micro™ (TSE: 4704) TrendLabsSM, rogue security programmes (as a percent of total threats) have increased from two percent in early 2006 to over 10 percent in March 2007. Rogue security programmes are the latest threat to exploit social engineering techniques for monetary rewards on the Web.
Rogue security applications are stealthily downloaded and installed on a user's PC. They relentlessly warn the user, in a number of ways, that their PC has been infected by some form of malware when in reality either no infection exists, or malware is installed along with the downloaded rogue software. In any case the software, operating as a "free trial", offers an upgrade at a fee for full functionality. Thousands of users have succumbed to this approach, purchasing rogue anti-spyware that provides no service at all, at costs of typically $50 per order. Once the user discovers that the software is useless and that they have provided their credit card to a fraudulent company, many users see fit to cancel their credit card, further adding to their inconvenience and loss.
The programmes can be installed in many different creative ways. For example, malicious use of a Windows exploit can enable the malware author to stealthily install the programme when a user simply opens an email or views a Website. In another method, when a user visits a site with video content, the site may instruct the victim to download a video codec in order to view video content. But instead of downloading a codec, the rogue anti-spyware is downloaded, and a simple command plays the video. Pop-up banner ads that entice users to download "needed" software also provide a means for malware authors to download this rogue software.
The rogue software is designed to look and feel like legitimate security software that is running in trial mode on the user's PC. The programmes repeatedly warn the user that they have been infected using pop-up windows, hijacked browser homepages, hijacked desktop wallpaper, and warnings that pop up from the system tray. In many cases, the cyber criminals design the warnings to resemble Microsoft™ Windows alerts. The programmes indicate that some form of a virus or spyware infection has been identified and that the only recourse is to purchase software to clean the infection.
Examples of the myriad phony software packages that have propagated are Winfixer, SpywareQuake, ErrorSafe, ErrorGuard, SpyShield, ApyAxe, SpywareNuker, and most recently, Spyhealer, DriverCleaner, and SystemDoctor.
"Rogue security programmes are clearly on the rise", says Justin Doo, Managing Director Trend Micro Middle East/North Africa. "Therefore users must demonstrate caution and always be alert when downloading software. In addition they need to protect their systems by using the latest security software against Web threats from a known and reliable vendor such as Trend Micro."
Trend Micro advises computer users to employ some best practices in order to avoid infection by rogue security programmes:
• Users should only purchase and use legitimate, trusted, name-brand security software (which can detect the installation of most rogue anti-spyware).
• If notified of an infection, seek a second opinion from a reputable online scanning service, such as Trend Micro HouseCall™ (www.housecall.trendmicro.com).
• When purchasing security software, check online reviews and feedback from users, as well as review the software Web site before purchasing, and use only a secure connection when purchasing. Look out for the padlock symbol in the bottom right hand corner of your window, indicating you are visiting a secured site.
• Check the validity of the software against lists of rogue software compiled by independent analysts (such as Spyware Warrior (http://spywarewarrior.com/).
-Ends-
About Trend Micro Incorporated
Trend Micro Incorporated is a pioneer in secure content and threat management. Founded in 1988, Trend Micro provides individuals and organizations of all sizes with award-winning security software, hardware and services. With headquarters in Tokyo and operations in more than 30 countries, Trend Micro solutions are sold through corporate and value-added resellers and service providers worldwide. For additional information and evaluation copies of Trend Micro products and services, visit our Web site at www.trendmicro-middleeast.com .
Trend Micro, ScanMail,and the t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company or product names may be trademarks or registered trademarks of their owners.
Trend Micro and the t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company or product names may be trademarks or registered trademarks of their owners. Information is accurate time it was written and is subject to change without notice.
© Press Release 2007
