Environmental rogue traps users with "green" promise

Share this article:

A new rogueware menace is playing the environmental card, seeking to trap users into buying and downloading useless security software by claiming that donations to an environmental program will be made with every purchase.

“Green-conscious people, beware!”  Mary Grace Timcang, security analyst at Websense, said Wednesday on the company's Security Labs blog. “Just as the scare tactics of rogue AVs have already taken their toll, yet another ingenious twist appears -- this time resorting to a friendlier, ‘greener' tone.”

The victims of this scam are promised that “$2 from every sale will be sent on saving green forests in Amazonia.” The malware is propagated through Virtumundo or Zlob trojans placed on websites to which potential victims unsuspectingly surf, lured by spam campaigns or social engineering scams. Once hit by the malware, the machine shows pop-up messages claiming to offer a solution that will cure bogus security problems.

Timcang said that unlike some rogue AV campaigns that offer free trial versions, this one requires users to buy the malware with a credit card.

The site appears authentic, festooned with persuasive graphics and fake testimonials.

“This social engineering scheme appears to be picking up steam as stories of fake AV grief from victims posted on the web continue to pour in," Timcang said.

“From the attacker's viewpoint, rogue AV is almost a perfect solution,” Stephan Chenette, security research manager for Websense Security Labs, told SCMagazineUS.com Thursday. “It scares users into thinking they have been infected -- which they haven't -- and then installs a product that does infect them, and the victim pays the attacker for the privilege.”

During the past several days, cybercriminals have targeted users searching for information about the ongoing wildfires raging in California's Angeles National Forest. If certain results were clicked, a fake system scan was displayed to trick users into thinking their computer was infected.


Share this article:

Sign up to our newsletters

More in News

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

POS malware risks millions of payment cards for ...

An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.

Phishing scam targets Michigan public schools

Unknown attackers used the finance director's email account to request wire transfers from the school district's accounting department.

Contempt order against Lavabit still stands, appeals court rules

Contempt order against Lavabit still stands, appeals court ...

A federal appeals court backed an earlier ruling penalizing the email service.