Environmental rogue traps users with "green" promise

Share this article:

A new rogueware menace is playing the environmental card, seeking to trap users into buying and downloading useless security software by claiming that donations to an environmental program will be made with every purchase.

“Green-conscious people, beware!”  Mary Grace Timcang, security analyst at Websense, said Wednesday on the company's Security Labs blog. “Just as the scare tactics of rogue AVs have already taken their toll, yet another ingenious twist appears -- this time resorting to a friendlier, ‘greener' tone.”

The victims of this scam are promised that “$2 from every sale will be sent on saving green forests in Amazonia.” The malware is propagated through Virtumundo or Zlob trojans placed on websites to which potential victims unsuspectingly surf, lured by spam campaigns or social engineering scams. Once hit by the malware, the machine shows pop-up messages claiming to offer a solution that will cure bogus security problems.

Timcang said that unlike some rogue AV campaigns that offer free trial versions, this one requires users to buy the malware with a credit card.

The site appears authentic, festooned with persuasive graphics and fake testimonials.

“This social engineering scheme appears to be picking up steam as stories of fake AV grief from victims posted on the web continue to pour in," Timcang said.

“From the attacker's viewpoint, rogue AV is almost a perfect solution,” Stephan Chenette, security research manager for Websense Security Labs, told SCMagazineUS.com Thursday. “It scares users into thinking they have been infected -- which they haven't -- and then installs a product that does infect them, and the victim pays the attacker for the privilege.”

During the past several days, cybercriminals have targeted users searching for information about the ongoing wildfires raging in California's Angeles National Forest. If certain results were clicked, a fake system scan was displayed to trick users into thinking their computer was infected.


Share this article:

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.