Environmental rogue traps users with "green" promise

Share this article:

A new rogueware menace is playing the environmental card, seeking to trap users into buying and downloading useless security software by claiming that donations to an environmental program will be made with every purchase.

“Green-conscious people, beware!”  Mary Grace Timcang, security analyst at Websense, said Wednesday on the company's Security Labs blog. “Just as the scare tactics of rogue AVs have already taken their toll, yet another ingenious twist appears -- this time resorting to a friendlier, ‘greener' tone.”

The victims of this scam are promised that “$2 from every sale will be sent on saving green forests in Amazonia.” The malware is propagated through Virtumundo or Zlob trojans placed on websites to which potential victims unsuspectingly surf, lured by spam campaigns or social engineering scams. Once hit by the malware, the machine shows pop-up messages claiming to offer a solution that will cure bogus security problems.

Timcang said that unlike some rogue AV campaigns that offer free trial versions, this one requires users to buy the malware with a credit card.

The site appears authentic, festooned with persuasive graphics and fake testimonials.

“This social engineering scheme appears to be picking up steam as stories of fake AV grief from victims posted on the web continue to pour in," Timcang said.

“From the attacker's viewpoint, rogue AV is almost a perfect solution,” Stephan Chenette, security research manager for Websense Security Labs, told SCMagazineUS.com Thursday. “It scares users into thinking they have been infected -- which they haven't -- and then installs a product that does infect them, and the victim pays the attacker for the privilege.”

During the past several days, cybercriminals have targeted users searching for information about the ongoing wildfires raging in California's Angeles National Forest. If certain results were clicked, a fake system scan was displayed to trick users into thinking their computer was infected.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.