Users might be a little more wary of unsolicited offers for anti-virus software after a SonicWall report indicated that fake anti-virus scams sailed to the top of the list as the most pervasive form of malware during the first half of 2011, according to a SonicWall midyear threat report, released Monday.
Researchers at SonicWall found fake anti-virus to be the most widespread threat, in part, because of its adaptability and reliance on increasingly more authentic looking interfaces and advanced social engineering techniques in order to infect users.
“The fake AV [anti-virus] program now has real graphic designers,” said Ed Cohen, SonicWall vice president of e-mail security business unit and corporate development. “They’re making framed pages and drop down menus. It looks very real.”
Fake anti-virus scams lure users in by offering a “free” virus scan, which often falsely alerts the victims that their computer is infected with malware. The fake anti-virus scam then offers to conduct a computer sweep that claims to eliminate the threat, for a fee that requires users' login credentials as well as credit card information. In reality, the anti-virus program being offered is bogus, and the user gives away personal and financial details to cybercriminals.
Cohen said that the scams are overwhelmingly successful by exploiting the latest news and trends with SEO poisoning attacks in order to get fake anti-virus links to the top of the search pages on engines such as Google or Bing.
The poisoned attacks then draw a broader user base, while targeting users with OS-specific and location-specific scams. Users often click the links thinking that they are visiting a site related to their search terms, only to be redirected to fake antivirus and malware sites that download bogus or malicious software onto their systems.
And many similar scams have branched out from fake anti-viruses to entice users with offers for other “free” software. A malicious variant is now circulating consisting of fake desktop utilities , Cohen said.
“Whatever people are inventing, it’s not limited to fake AV,” Cohen said.
In particular, researchers found that the rising tide of fake anti-virus during the first half of 2011 includes a new variant consisting of fake desktop utilities, propelled by SpyEye and Zeus Trojan spam.
In addition, the report found that security threats from social media continue to rise as social networking sites such as Facebook and Twitter are increasingly used in the workplace. Some of the most successful attack techniques include click-jacking scams that lead to pay-per-click surveys, as well as rogue apps that impersonate online games in order to distribute malware. Meanwhile, attacks on Twitter are often disguised by shortened malicious links that distribute malware when the mouse hovers over them.
Finally, mobile malware continues its upward trajectory, SonicWall said. In particular, mobile security threats for the Android platform experienced a big upward spike, proliferated with the growth of the Android Market.
While mobile security threats are not as widespread as PC-focused attacks, they are growing at a rapid clip, Cohen said Threats often infiltrate a mobile device via popular cross-platform applications such as Apple Safari and Adobe Reader, designed to attack multiple operating systems. Meanwhile, the small screens of mobile devices truncate long URLs, thus obfuscating links that masquerade as legitimate URLs.
Cohen said with the wider array of attack vectors brought in with mobile phones and tablets, come an increase in the number of attempts to exploit corporate networks. And compounding the threat is the fact that there are multiple ways cyber criminals can get onto users' Android and other mobile devices, he said.
“The more access points in the network, the more vulnerabilities there are in network,” he said. “There are so many places that can be exploited”