Monday, September 21, 2009

Example of fake or misleading security web site

One of the most popular current categories of malware is fake or misleading security applications.  One security company has an entire blog, http://rogueantispyware.blogspot.com/, dedicated to this subject.  In brief, the threat works like this: you are taken by some method to a web site that displays information about all of the viruses your computer supposedly has.  You are prompted to download and run a free scanning utility.  This download actually contains the malware in question.  The free download will confirm that your computer has problems, and you are then prompted to pay via credit card to use the “full” version that will remove all of the existing threats.  So you are tricked into paying for a fake solution to a problem that does not exist.

Below are some screen captures I took from a “rogue” security web site.  New versions of these threats appear on a regular basis, so the text and images may change but the basic concept should remain the same.

The initial screen will normally be a warning about threats currently found on your computer:

[Screen capture]

If you click anywhere on the screen, new information normally appears highlighting all of the threats that were found:

[Screen capture]

At this point, clicking anywhere on the screen will prompt a download dialog box to appear:

[Screen capture]

If you click on the Cancel button and attempt to leave the screen, the download dialog box will reappear.  If you attempt to close your web browser or simply close the tab, new dialog boxes may appear:

[Screen capture]

The malware authors attempt to “lock” your browser to prevent you from leaving the site until the .EXE in question is downloaded.  If you find yourself in this situation, one method of “escape” would be to “kill” your web browser process.  The quickest way to launch the Task Manager dialog box is to press the Ctrl, Shift and Esc keys at the same time.  Click on the Applications tab.  In the example below, I only have one program currently running (Internet Explorer).  Click on the entry for the web browser to select it and then click on the End Task button:

[Screen capture]

A dialog box may appear asking if you really wish to close the application in question; click End Now.

[Screen capture]

You will lose any data within other tabs, but this procedure should allow you to “escape” the misleading security application’s web site.  The main item to avoid is downloading or launching any executable.
