The Analyst's Diary is a weblog maintained by virus analysts from Kaspersky Lab headed by Eugene Kaspersky. Find out more about the authors of this weblog.

Analyst's Diary

The evolution of rogue antivirus


Dmitry, October 29, 2009 | 11:16 GMT

We often write about the fact that cybercriminals constantly change their tactics to take account of developments in the security and software industries. And I just came across a great example of this: it shows how the people behind rogue antivirus solutions adapt their "products" to exploit developments and changes in genuine AV solutions.

A couple of months ago, Microsoft released its free anti-malware product, Microsoft Security Essentials. It's designed to ultimately replace Windows Defender, an earlier in-built antispyware product. It looks as though the guys behind the rogue AV which I just came across aren't only playing on people's fears, but on their lack of knowledge. Malware and IT threats are getting increasing coverage in the general media, but if you're not particularly interested in IT, you're not that likely to remember all the facts. Using the name "Windows Enterprise Defender" is a neat way of getting someone who might have heard of Windows Defender, and half-remembers Microsoft's latest release, to be fooled into thinking that the rogue AV is the genuine article.

Of course, the product activation process looks very similar to the genuine Microsoft process...

This case is a great example of how social engineering tactics get modified for maximum profit, and it illustrates a kind of microevolution in rogue AV solutions:

1. Use a name which is not related to any other software

2. Require payment to delete detected viruses

3. Use a name which is either the same name as that of existing software, or very similar

4. Require payment for a "product" which is supposedly part of the operating system

With the cybercriminals becoming more and more sophisticated in their approach, rogue AV isn't a laughing matter. But there is a funny side to this: the "threats" this rogue detects don't use names from Microsoft's malware classification, but from ours :)
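As an added example (not code from the original post), here is a small Python check a defender could run over a list of installed-program entries: it flags a display name that reuses every word of a genuine product's name while claiming a publisher other than that product's real vendor, which is exactly the "Windows Enterprise Defender" versus "Windows Defender" pattern described above. The genuine-product table, the publisher strings and the sample entries are constructed for this illustration.

```python
import re

# Constructed table of genuine products and their real vendor (assumption for this example).
GENUINE_PRODUCTS = {
    "Windows Defender": "Microsoft Corporation",
    "Microsoft Security Essentials": "Microsoft Corporation",
}


def _tokens(name):
    """Lower-cased alphanumeric words of a product name, as a set."""
    return set(re.findall(r"[a-z0-9]+", name.lower()))


def lookalike_score(candidate, genuine):
    """Fraction of the genuine product's name words that also appear in the candidate.

    'Windows Enterprise Defender' contains both words of 'Windows Defender', so it scores 1.0;
    extra words inserted by the rogue do not lower the score.
    """
    genuine_words = _tokens(genuine)
    if not genuine_words:
        return 0.0
    return len(genuine_words & _tokens(candidate)) / len(genuine_words)


def flag_lookalikes(installed, threshold=1.0):
    """Return (name, publisher, genuine_name, score) for entries that borrow a genuine
    product's name words but are not published by that product's real vendor."""
    hits = []
    for name, publisher in installed:
        for genuine, vendor in GENUINE_PRODUCTS.items():
            if name.lower() == genuine.lower() and publisher == vendor:
                continue  # the real product, nothing to flag
            score = lookalike_score(name, genuine)
            if score >= threshold and publisher != vendor:
                hits.append((name, publisher, genuine, score))
    return hits


# Constructed sample of (DisplayName, Publisher) pairs, like an uninstall listing would show.
SAMPLE = [
    ("Windows Defender", "Microsoft Corporation"),
    ("Microsoft Security Essentials", "Microsoft Corporation"),
    ("Windows Enterprise Defender", "Unknown"),
    ("Notepad++", "Notepad++ Team"),
]

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE):
        print("lookalike:", hit)
```

The publisher string in such listings is self-declared, so a rogue can simply claim to be Microsoft; a signature check on the binaries is the stronger verification, and this name test is only a cheap first filter.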

Copyright © 1996 - 2010 Kaspersky Lab