May Threat Trend: Misleading Malware

By Andrew Brandt

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

20090608-fakealert_sThe latest data from our customers indicate that, at least in the month of May, we were blocking and removing some of the nastiest threats on the Web. Among the spies we took out, we hit Fakealerts and Rogue Security Products hard. These spies simply try to fool you into making purchases you otherwise wouldn’t. After taking a hiatus of several months, the makers of these types of malware appear to be making a comeback.

Simply put, a Fakealert is just a piece of adware. Unlike traditional ads, however, the ads a Fakealert pops up take on the appearance of official-looking error dialogs and Windows-esque warning messages — albeit, not always as poorly worded as the example shown here. Many present themselves as clones of the Windows Security Center control panel, or as those cartoon-voice-bubble popups from the System Tray.

Fakealerts push their particular brand of stale baloney on the unsuspecting public for one reason: They want to trick you into downloading and running a program that looks, for all intents and purposes, like a system utility or an antispyware or antivirus product. The program displays realistic-looking “scans” that “find” allegedly malicious files on your computer.

The joke of these “scans” is that they’re often no more than Flash animations. Because they run on any operating system that can display a Flash video, you can even get them to “scan” a Mac or Linux box, and “find” malicious files in parts of the filesystem that don’t even exist on those platforms. Oh well; you can’t blame a fraudster for trying.

Many of these threats are installed when users inadvertently click a popup message that warns the user that they need to run a file in order to load a missing video codec, or install an ActiveX control that supposedly will perform a “free scan” of a system. Sometimes the people behind these ads even put a fake “close box” in the upper right hand corner of the fakealert message, to trick you into clicking inside the active area of the ad window. If you see this kind of ad appear, hold down the Alt key on your keyboard while you press the F4 key — that will close the ad window without requiring you to click anywhere inside of it.

The bottom-line message to you is that while you should remain vigilant against potential frauds and scams, keeping your PC updated with the latest threat definitions is equally if not more important.

Join the Conversation

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s