Fake antivirus peddlers helped by Microsoft, IRS
Just weeks after the U.S. Federal Trade Commission shut down two companies accused of selling fake antivirus software, a new player has moved into the market, aided by glitches in the Microsoft and U.S. Internal Revenue Service Web sites.
Over the past four days the scammers have used so-called redirector links on Web sites belonging to magazines, universities and, most remarkably, the Microsoft.com and IRS.gov domains, said Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham, who first reported the activity on his blog Tuesday.
Many Web sites use redirector links to take visitors away from the site, although the Web site operators try to stop them from being misused by scammers. For example, the Google URL http://www.google.com/search?q=idg&btnI=3564 uses Google's "I'm feeling lucky" feature to send Web surfers to IDG.com.
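One way a site operator can keep a redirector from being misused, shown here as an added example that is not code from the article or from any site it names. The host names, the allow-list and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list for an imaginary site (assumption, not from the article).
ALLOWED_HOSTS = {"www.example.gov", "forms.example.gov"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for site-local paths or http(s) URLs on an allow-listed host."""
    if not target or target != target.strip():
        return False
    # Browsers silently drop tabs/newlines inside URLs, so refuse them outright.
    if any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False
    # Browsers treat "\" like "/", so normalise before looking at the shape.
    normalised = target.replace("\\", "/")
    if normalised.startswith("//"):
        return False  # scheme-relative URL: leaves the site
    try:
        parts = urlsplit(normalised)
    except ValueError:
        return False  # malformed host, e.g. unbalanced IPv6 brackets
    if not parts.scheme and not parts.netloc:
        return normalised.startswith("/")  # plain on-site path
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, etc.
    # .hostname drops any "user@" prefix, so look-alike userinfo is ignored.
    host = (parts.hostname or "").lower().rstrip(".")
    return host in allowed_hosts


def resolve_redirect(requested, fallback="/"):
    """What a redirect endpoint should send in Location for a requested target."""
    return requested if is_safe_redirect(requested) else fallback


if __name__ == "__main__":
    # Constructed sample inputs for illustration only.
    samples = [
        "/downloads/office.html",
        "https://forms.example.gov/f1040",
        "http://scareware.example/scan",
        "//scareware.example/scan",
        "/\\scareware.example/scan",
        "https://www.example.gov@scareware.example/",
    ]
    for s in samples:
        print(f"{s!r:50} -> {resolve_redirect(s)!r}")
```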
If criminals can use a redirector on a major Web site like Microsoft.com or IRS.gov, however, they can make their malicious links pop up very high in Google search results, Warner said in an interview.
"Microsoft is a super-powerful site as far as search engine weight is concerned," he said.
The bad guys have tricked search engines into returning their malicious links for tens of thousands of search terms, Warner said. They've done this by using special software to add these redirector links to "tens of thousands of blog comments, guestbook entries, and imaginary blog stories all around the Internet," Warner said in his blog posting.
You can see the results of this activity. A Google search for the term "Microsoft Office 2002 download" yields a Microsoft.com redirection link as its first result. That link had been redirecting visitors to a malicious Web site, which launched Web-based attack code against victims and tried to trick them into downloading fake antivirus software, Warner said. By Tuesday evening, Microsoft had fixed the problem, so the Microsoft.com link that popped up in the Google search results was no longer taking surfers to the malicious Web site.
The IRS has now addressed the issue too, but about 20 other sites remain a problem, Warner said.
The fake antivirus software, also called "scareware," installs a keylogger on the victim's computer, presumably to steal login names and passwords, and also launches fake warning popups on every Web page that the victim visits telling him he needs to buy antivirus software, called System Security. The price for the fake product? A believable-sounding $51.45.
The FTC estimates that 1 million consumers were taken in by other fake antivirus products which go by names such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe and XP Antivirus. On Dec. 10 a federal court ordered two companies, Innovative Marketing and ByteHosting Internet Services, to stop promoting these products.
Warner doesn't know who is behind System Security, but he believes that the scammers behind this latest operation may be connected to the earlier scams. "It's similar enough that it's got to be somebody who has a relationship with the last group," he said.
IDG News Service