There's a new twist with some fake antivirus scareware that has cropped up. It accepts payment via SMS, according to antivirus firm CyberDefender.
Typical rogue security programs infect the system first, then display pop ups warning that the computer is infected, and request payment to clean it up. The new programs are seemingly more genteel, asking for the money before the program is installed and infects the system, said Achal Khetarpal, threat research director at CyberDefender. Of course, a payment does nothing to "fix" a system and means criminals now have your money and possibly your credit card information.
When a potential victim happens upon a Web site hosting the malware, a dialog box pops up that looks very much like an installer window for a legitimate antivirus product, according to screenshots from CyberDefender. It says "Welcome to" and names a popular antivirus software and suggests closing other applications. If the victim falls for the ruse, it then displays a message that says "To complete installation, you must go through activation" and offers several ways to pay, including SMS (Short Message Service), WebMoney, and credit card.
If you click "cancel", the program won't install, compared with typical fake antivirus programs that have already infected the system by the time the victim realizes what is happening and keep displaying the annoying pop-up messages, even after reboot, Khetarpal said.
The company has seen five versions of the rogue security programs masquerading as software from Avast, Norton, McAfee, BitDefender, and RootKitBuster, and they, as usual, target Windows systems.
Khetarpal could not say how widespread the malware is but said he has seen it in a "lot of Web sites" and in relation to search results for popular and trending topics.
Fake AV scammers aren't the only ones to hop on the SMS payment bandwagon. Scammers were found to be seeking payment by SMS for fake browser updates earlier this year, according to GFI Labs.
Monday, April 18, 2011
New fake antivirus accepts SMS payments
Monday, April 4, 2011
Virus Attacks. Facebook of South Africa Endangered!
It's over the corner. Millions of Facebook users should take all the possible precautions, especially South Africans. Why? It was recently announced that extremely dangerous viruses have started to spread worldwide. However, at this point, the primary source of attack is South Africa.
According to the CEO of ESET Sounthern Africa, Carey van Vlaanderen there are two types of viruses which are most dangerous. One of them is Yimfoca.AA which attacks through Facebook chats, while Fbphotofake uses Facebook spam messages in order to distribute all kinds of malware.
According to the research done, people started not to trust in emails send from unknown sources. However, a vast majority of Facebook users still consider messages sent from friends to be reliable and secure. Of course, you should always keep in mind what message you receive, what it states and only then open it. You should be more suspicious about all your friends cause, in most cases, when a Facebook profile gets infected, even your friend is unaware that he is sending spam messages with malicious data in it.
Therefore, we advise you to take extreme caution and be suspicious about everything, about every single message you receive even from your best friend.
Although the viruses Yimfoca.AA and Fbphotofake have started to spread in Southern Africa, it won't take long till they reach not only Europe but America as well. Surf safe!