Tuesday, June 23, 2009

A new breed of attacks

In the beginning of 2009, there was a sudden increase in a new form of malware being distributed. The bad guys are getting smarter by the day, giving rise to a new breed of attacks. All of these attacks have one thing in common though - they exploit the victim's paranoia about malware !

Almost every month there is a new variant of these so-called security or antivirus programs. These fake security programs pretend to scan your system and claim that the machine is infected with lots of malware, when in fact there is none ! Some of the screens shown are so convincing that anyone not running a real antivirus will easily fall for it.

[ Fig 1 - Fake Antivirus Programs ]

They all boast the WinXP/Vista look and feel. While some of them will trick you into downloading more malware, others will try to scare you into spending $30-80 to buy fake protection. They even offer Visa, MasterCard and PayPal payment options so that the victim can pay.

Ransomware takes fake security programs to the next level. Apart from those irritating screens claiming that the machine is infected, the malware locks the system and prevents other programs from running, including Task Manager, Command Prompt and other system and office applications. There are even some variants that encrypt all office files stored on the system. Now the user is forced into paying up to use his own machine :o !

[ Fig 2 - Ransomware encrypting office files ]

[ Fig 3 - SMS Ransomware ]

But who said ransomware was limited to forcing the user to buy fake programs ?! Welcome SMS Ransomware :) .. While some of this family of malware lock the desktop, others take control of the mouse pointer, preventing you from clicking anywhere (how irritating :/ !) except in a window that requires a code to be entered. The victim is then prompted to send a premium SMS to a specified number to receive the unlock code.

SEO (Search Engine Optimization) Attacks

This attack exploits the way search engines work. The bad guys create web pages and fill them with words and phrases that are popular search queries, such as "France Airline crash", "American Idol winner" or "Conficker" for that matter. Next they hack into a popular, legitimate website using XSS (read Cross Site Scripting) and insert a small piece of JavaScript that redirects the browser to their web page. This is added to as many pages of the compromised high-traffic site as they can. This is where search engine ranking kicks in: the engine ranks web pages and prioritizes search results based on relevance, so along with the results for popular websites, the bad guys' page also turns up. Anyone who clicks on the bad link ends up with malware !
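One way a site owner can check their own pages for the injected redirect described above, as an added example that is not from the original post: scan every inline script (and meta refresh) for a redirect whose target host is not one of the site's own. The sample HTML and the host names in it are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a page of a legitimate news site into which an attacker has
# inserted a small script that sends visitors to an off-site "search result" page.
SAMPLE_HTML = """<html><head>
<meta http-equiv="refresh" content="5;url=https://news.example.com/live">
<script>if (!document.cookie) { window.location.href = "/login"; }</script>
</head><body>
<h1>American Idol winner announced</h1>
<script type="text/javascript">
/* injected */ document.location="http://evil-seo.example/idol-winner.html";
</script>
</body></html>"""

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
# location = "..."; location.href = "..."; location.replace("..."); location.assign("...")
REDIRECT_RE = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*"""
    r"""(?:=|\.replace\s*\(|\.assign\s*\()\s*['"]([^'"]+)['"]""", re.IGNORECASE)
META_REFRESH_RE = re.compile(
    r"""<meta[^>]*?http-equiv\s*=\s*["']?refresh["']?[^>]*?content\s*=\s*["']"""
    r"""[^"']*?url\s*=\s*([^"'\s>]+)""", re.IGNORECASE)


def is_first_party(target, own_hosts):
    """Relative URLs and URLs on the site's own hosts (or their subdomains) are fine."""
    host = urlparse(target).hostname
    if host is None:
        return True
    host = host.lower()
    return host in own_hosts or any(host.endswith("." + h) for h in own_hosts)


def find_offsite_redirects(html, own_hosts):
    """Return (kind, target) for every redirect that leaves the site's own hosts."""
    own_hosts = {h.lower() for h in own_hosts}
    findings = []
    for m in META_REFRESH_RE.finditer(html):
        if not is_first_party(m.group(1), own_hosts):
            findings.append(("meta-refresh", m.group(1)))
    for m in SCRIPT_RE.finditer(html):
        for r in REDIRECT_RE.finditer(m.group(1)):
            if not is_first_party(r.group(1), own_hosts):
                findings.append(("script", r.group(1)))
    return findings


if __name__ == "__main__":
    for kind, target in find_offsite_redirects(SAMPLE_HTML, {"news.example.com"}):
        print(f"off-site redirect via {kind}: {target}")
```

The legitimate meta refresh and the relative `/login` redirect are ignored; only the injected off-site redirect is reported, which is the signal to look for when auditing a compromised site's pages.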

You might think that all this dirty work is done by some script kiddie sitting somewhere in Russia wanting to earn some quick bucks. But that's not all there is to this story - there are whole underground syndicates running these operations !! There is an excellent article posted by Byron Acohido on his blog about how the bad guys are making a profit out of this whole fake program business ! Now that's some real scareware ;)

