Malware, Security Strategy, Plan, Budget

Rogueware peddlers feed off McAfee fiasco

After McAfee pushed out a faulty signature update on Wednesday that crippled thousands, perhaps millions, of Windows XP Service Pack 3 users and the snafu drew the attention of bloggers and the New York Times, as might be expected, peddlers of rogue anti-virus solutions capitalized on the attention to push their phony "cures."

Using a tried-and-true strategy, the rogueware dealers once again took advantage of buzz generated in the media – in the past it's been anything from a natural disaster to a celebrity meltdown – to poison search results on the popular search engines, like Google and Bing. Using SEO tricks, the rogueware peddlers manipulated search results so that when a panicked user keyed in a search term, such as "McAfee update" or "McAfee 5958 [the faulty update's designation]," they retrieved links at the top of their search results offering fake anti-virus software.

McAfee has acknowledged the problem on its community blog forum, apologized, deleted the faulty update and offered a fix.

But as frenzied IT administrators work to remediate the McAfee update that is crippling machines in their enterprises, the problem can be compounded by users attempting to download and install a fake AV solution. In fact, McAfee itself has recently reported that cybercriminals made profits of $300 million globally from scamming consumers with scareware. Further, Symantec wrote in a report that over a seven month period in 2009, it received reports of 43 million rogue security software installation attempts.

"If you click on a dangerous link like this then you risk the chance of your computer being hit by a fake anti-virus attack (also known as scareware) which may attempt to con you out of your credit card details or trick you into installing malicious code onto your computer," Graham Cluley, senior technology consultant at Sophos, wrote in a post to his blog.

For more on the plague of rogue anti-virus solutions, see the April issue of SC Magazine.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.