Rogueware peddlers feed off McAfee fiasco

Share this article:

After McAfee pushed out a faulty signature update on Wednesday that crippled thousands, perhaps millions, of Windows XP Service Pack 3 users and the snafu drew the attention of bloggers and the New York Times, as might be expected, peddlers of rogue anti-virus solutions capitalized on the attention to push their phony "cures."

Using a tried-and-true strategy, the rogueware dealers once again took advantage of buzz generated in the media – in the past it's been anything from a natural disaster to a celebrity meltdown – to poison search results on the popular search engines, like Google and Bing. Using SEO tricks, the rogueware peddlers manipulated search results so that when a panicked user keyed in a search term, such as "McAfee update" or "McAfee 5958 [the faulty update's designation]," they retrieved links at the top of their search results offering fake anti-virus software.

McAfee has acknowledged the problem on its community blog forum, apologized, deleted the faulty update and offered a fix.

But as frenzied IT administrators work to remediate the McAfee update that is crippling machines in their enterprises, the problem can be compounded by users attempting to download and install a fake AV solution. In fact, McAfee itself has recently reported that cybercriminals made profits of $300 million globally from scamming consumers with scareware. Further, Symantec wrote in a report that over a seven month period in 2009, it received reports of 43 million rogue security software installation attempts.

"If you click on a dangerous link like this then you risk the chance of your computer being hit by a fake anti-virus attack (also known as scareware) which may attempt to con you out of your credit card details or trick you into installing malicious code onto your computer," Graham Cluley, senior technology consultant at Sophos, wrote in a post to his blog.

For more on the plague of rogue anti-virus solutions, see the April issue of SC Magazine.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.