[ISN] New Fake Antivirus Attack Holds Victim's System Hostage

From: InfoSec News <alerts_at_private>
Date: Fri, 16 Oct 2009 01:29:13 -0500 (CDT)
http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml;jsessionid=FIWCQFEV0MTMDQE1GHRSKHWATMY32JVN?articleID=220601022

By Kelly Jackson Higgins
DarkReading
Oct 15, 2009

Attackers have added a new twist to spreading fake antivirus software: 
holding a victim's applications for ransom.

Researchers discovered a Trojan attack that basically freezes a user's 
system unless he purchases the rogueware, which goes for about $79.99. 
The Adware/TotalSecurity2009 rogueware attack doesn't just send fake 
popup security warnings -- it takes over the machine and renders all of 
its applications useless, except for Internet Explorer, which it uses to 
receive payment from the victim for the fake antivirus. "The system is 
completely crippled," says Sean-Paul Correll, threat researcher and 
security evangelist for PandaLabs, which found the new attack.

Correll says when the rogueware detects any application on the machine 
starting to execute, it then shuts down the application. "This happens 
for every file you try to open except IE. The only reason IE works is 
because that's what's used to allow victims to pay the cybercriminals," 
he says.

Bad guys have used ransom threats in phishing attacks and distributed 
denial-of-service (DDoS) attacks, but Correll says this is the first 
time it has been used to force users to buy rogueware. Rogueware 
distributors typically prompt the victim with pop-up messages, but the 
user can bypass the purchasing process by ignoring them or clicking 
through them.

[...]


Received on Thu Oct 15 2009 - 23:29:13 PDT
