Architecture, Network security, Threats, Malware

Taking advantage of SC Magazine’s good name

July 25, 2011

We've known for some time that one of the key tools in the cybercriminals' arsenal is social engineering, namely the ability to make their scams look legitimate by capitalizing on the trust users have in well-known brands.

It's known as "brandjacking," and it's been happening for years in phishing attacks, where high-profile companies like Bank of America and PayPal are routinely used as bait to either siphon personal information from unsuspecting individuals or to drive them to malware-serving websites.

We've also seen it in rogue anti-virus campaigns, where criminals leverage reputable brands, such as Microsoft, in order to trick users into paying for and installing a fake product that does nothing more than make you $49.95 poorer.

They say imitation is the highest form of flattery. So, in that regard, these companies whose brands are hijacked should give themselves a pat on the back for being an established and dependable name. But they also should be concerned, as being associated with any criminal undertaking can have a negative impact on one's reputation.

And that is exactly the boat SC Magazine finds itself in right now. Thanks to the always-shrewd detective work of Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, we've learned that our well-respected brand is being used as part of a new, largely undetectable rogue AV scam. (Scroll down for the image).

Apparently, the crooks are trying to peddle their fake anti-virus program with the added "selling point" that it was a 2011 SC Magazine Awards finalist. Such a claim is, of course, patently untrue, and it's nothing more than a ploy to increase the hoax's legitimacy.

But it's still a bit unnerving.

"We knew IT buyers around the world look at SC Awards as barometers of the best in today's security, but we were a little surprised to find the bad guys using it to try to trick people," said Illena Armstrong, SC Magazine's editor-in-chief.

But the reality is, hackers will stop at nothing to spread their wares, as we've seen with recent Facebook cons taking advantage of such tragic events as the Oslo terrorist attacks.

The best lesson is to "think before you click," as this particular rogue AV scam was kicked off when users clicked a malicious attachment claiming to come from MasterCard.

Our job at SC Magazine has always been to provide you with the facts.

So, with that in mind, here is a list of the *real* SC Magazine Awards 2011 U.S. finalists. And (shameless plug), if you wish to get information on the 2012 installment and submit your entry, please visit here.

Stay safe out there.

-Dan Kaplan, executive editor

prestitial ad