Rogueware peddlers feed off McAfee fiasco

Share this article:

After McAfee pushed out a faulty signature update on Wednesday that crippled thousands, perhaps millions, of Windows XP Service Pack 3 users and the snafu drew the attention of bloggers and the New York Times, as might be expected, peddlers of rogue anti-virus solutions capitalized on the attention to push their phony "cures."

Using a tried-and-true strategy, the rogueware dealers once again took advantage of buzz generated in the media – in the past it's been anything from a natural disaster to a celebrity meltdown – to poison search results on the popular search engines, like Google and Bing. Using SEO tricks, the rogueware peddlers manipulated search results so that when a panicked user keyed in a search term, such as "McAfee update" or "McAfee 5958 [the faulty update's designation]," they retrieved links at the top of their search results offering fake anti-virus software.

McAfee has acknowledged the problem on its community blog forum, apologized, deleted the faulty update and offered a fix.

But as frenzied IT administrators work to remediate the McAfee update that is crippling machines in their enterprises, the problem can be compounded by users attempting to download and install a fake AV solution. In fact, McAfee itself has recently reported that cybercriminals made profits of $300 million globally from scamming consumers with scareware. Further, Symantec wrote in a report that over a seven month period in 2009, it received reports of 43 million rogue security software installation attempts.

"If you click on a dangerous link like this then you risk the chance of your computer being hit by a fake anti-virus attack (also known as scareware) which may attempt to con you out of your credit card details or trick you into installing malicious code onto your computer," Graham Cluley, senior technology consultant at Sophos, wrote in a post to his blog.

For more on the plague of rogue anti-virus solutions, see the April issue of SC Magazine.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.