Monday, January 30, 2012

When imitation isn’t a form of flattery

Rogues (fake antivirus programs) have been around for many years.  Members of the security community and people who have been on the Internet for a number of years will recall the various "SpyAxe", "SpyTrooper" and associated rogues in 2005 that we relied so heavily on the smitRem tool developed by "noahdfear" to remove. 

Over the years, the rogues have evolved, many with rootkit components.  Just like clever phishing e-mails, the rogues are also very convincing with legitimate-looking windows as they attempt to convince people to fork over hard-earned money in order to "clean" the infected computer.

Today, we are faced with not only rogues imitating Microsoft security software but also scammers telephoning unsuspecting people, attempting to obtain remote access to their computer.  These scammers misrepresent themselves as calling on behalf of Microsoft or as Microsoft technicians.

As illustrated in When imitation isn’t a form of flattery, by Jasmine Sesso, MMPC Melbourne, Microsoft is not only adding the rogues to detection but also warning customers that Microsoft will NEVER call anyone to tell them that their computer is infected.  As clarified in the article:
  • "Our consumer products, namely Microsoft Security Essentials, Safety Scanner and Windows Defender are available to all genuine Windows users for free. That's right – we offer these products at no cost! So please, do not enter your credit card details into a program that looks like one of ours, as this is most likely a rogue.
  • We do not pop up on your screen every 30 seconds, minute, 90 seconds, etc. Rogues, however, will pester you and pester you until you either a) click OK and concede to buy their malicious program, or b) remove them once and for all with a reputable antivirus.
  • Microsoft will never cold-call a user. Ever. If you receive one of these phone calls, hang up."
Note:  Never click on the rogue pop-up window.  Even attempting to close the window by clicking the "X" will result in giving permission to continue with the installation.  Instead, use the keyboard command Alt + F4 to close the window.  Follow with an updated scan with your onboard antivirus software.

Please also note this excellent advice included in the article:

"We will continue to fight the good fight, and do what we can to prevent the spread of malicious programs; but in the meantime, stay safe online, and think twice before handing over your credit card details to a third party you cannot verify – like one displaying pop-ups, or on the end of an unsolicited phone call."
Read the full article on the MMPC Blog: When imitation isn’t a form of flattery.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: