Microsoft warns of fake virus alert hitting Windows users

20 Aug 2014
Bogus alert messages besieging Windows users

Microsoft has uncovered a fresh wave of malware campaigns that block web users from surfing the internet using bogus threat alert messages.

Microsoft antivirus researcher Daniel Chipiristeanu discovered the campaigns while investigating rogue antivirus infection rates.

"Lately we're seeing a dropping trend in the telemetry for some of the once most-prevalent rogue [antivirus] families, such as Win32/Winwebsec, Win32/OneScan, Win32/FakeXPA, Win32/FakePAV," he said in a blog post.

"However, since the big malware 'players' are having more trouble in taking advantage of users paying for fake security products, and are moving away from this kind of social engineering, we are seeing other players willing to fill the gap."

Chipiristeanu highlighted one of the campaigns as particularly malicious, as it uses fake antivirus malware to hamper its victims' ability to browse the internet.

"In the past we've regularly seen rogues use the hosts file [sic] to block access to a legitimate security product's websites to deny users protection against the threat," read the post.

"Rogue:Win32/Defru has a different and simpler approach on how to trick the user and monetise on it. Basically, it prevents the user from using the internet by showing a fake scan when using different websites."

He added that the bogus threat page includes a scam alert masquerading as a message from an antivirus vendor requesting the victim pay to have their system cleaned.

"An unsuspecting user, after receiving this warning more than a few times when browsing, might be inclined to click 'Pay Now'. This will lead them to a payment portal called 'Payeer' (payeer.com) that will display payment information," read the post. "But of course, even if the user pays, the system will not be cleaned."
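
The hosts-file tampering mentioned in the quoted post is something a defender can check for on a suspect machine. The following Python audit is an added example, not code from Microsoft's post or from this article: it parses a hosts file and flags names that are blocked or redirected. The sample file, the `av-vendor.example` watchlist and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; every hostname here is a placeholder.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # sinkholed
0.0.0.0         www.av-vendor.example
203.0.113.10    www.search.example www.mail.example
not-an-ip       broken.example
"""

# Hypothetical watchlist of security-product domains (assumption).
WATCHLIST = ("av-vendor.example",)
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line, name, ip, kind, severity) for each suspicious entry."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES:
            continue
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        # Loopback or 0.0.0.0 makes the site unreachable; any other
        # address sends the browser to a different server.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        # Entries for watched security domains are high priority; other
        # entries may be legitimate (e.g. developer overrides), so review.
        findings.append((line_no, name, str(ip), kind, "high" if watched else "review"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to pass in is normally `%SystemRoot%\System32\drivers\etc\hosts`.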

Service disruption and lockouts are an increasingly common tactic in cyber criminals' scams. Ransomware takes a similar but more damaging approach to extort payment from its victims by locking infected systems to a custom lock screen.

Many of the lock screens include a bogus message masquerading as a 'fine' payment message from a legitimate law-enforcement agency.

The attacks have proven worryingly successful in recent months. Damballa revealed earlier in August that the infamous Kovter police ransomware is infecting nearly 44,000 devices per day, earning criminals as much as $1,000 per successful attack.

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
