Sophos

Download Windows 7 security - A great leap forward or business as usual?

More FakeAlert trickery

The conveyor belt of fake alert malware has continued apace over recent days. As previously reported [1,2,3], the attackers are using a variety of tricks and social engineering in order to infect victims.

In contrast to other malware, where the attackers only need to infect victims, fake alert malware requires a second step to be successful. For the attackers to make money, the victim has to be duped into actually paying to register the product.

This is ordinarily achieved by a never-ending cascade of system tray alerts and popup warning messages, all intended to scare the user into paying up. However, recently I noticed some of this malware delivering other quite nasty social engineering tricks.

For example, on a machine infected with ‘Antivirus 2009’ (variants of which are being proactively detected as Mal/EncPk-CZ), the user sees the following when attempting to access the Microsoft web site:

fake-ms.gif

Or when viewing the Sophos web site:

fake-sophos.gif

When accessing Google, the user is presented with a particularly realistic warning:

fake-google.gif

The latter warning is the most cunning of the tricks that I have observed thus far. I suspect it is sufficiently believable to fool many users.

