Feeds

Scareware package greets marks by name

Fakeale redux

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Malware authors have created a strain of scareware packages that lifts the name of an infected user from the registry of an infected PC in order to create more convincing scams.

The wife of reader Chris came across the ruse when she used his PC to check on her Hotmail account. Before she could get onto the website she was confronted by a pop-up message saying "Chris [surname], your computer is infected with a Trojan, you should download this spyware removal tool (recommended)" and giving a yes/no option.

"I immediately closed it and am now running a scan to see what is causing this, but what was more concerning, and the reason that I am writing this to you, is that the perp of this malware/spyware/phishing attack has managed to write a program which can check the name that windows is registered to, to make it appear genuine," Chris told El Reg.

"This seems a really scary prospect to me, and I am IT savvy, but imagine Mr or Miss Average JoeShmo presented with that."

The malicious behaviour is identical to the Fakeale Trojan first spotted by net security firm Sophos last week. Carole Theriault, senior security consultant at Sophos, explained that the malware takes the user's name from the registry in order to craft a tailored warning message.

Fakeale Trojan false alarm

Users who respond to the come-on are taken the the website of an outfit punting a rogue anti-malware product. They are then told that their PC is infected with malware - even if it is clean - in a bid to frighten them into buying a product identified by Sophos as IE Defender installer.

Goes down badly: results of the scan of a clean machine

Bogus warnings that attempt to trick users into purchasing "anti-malware tools" and have little or no security utility have been around for some time. The Paleale Trojan only differs in the use of trickery to make the unpalatable scam more convincing. ®

Bootnote

Thanks for Fraser Howard in Sophos Labs for the screenshots.

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.