After McAfee pushed out a faulty signature update on Wednesday that crippled thousands, perhaps millions, of Windows XP Service Pack 3 users and the snafu drew the attention of bloggers and the New York Times, as might be expected, peddlers of rogue anti-virus solutions capitalized on the attention to push their phony "cures."
Using a tried-and-true strategy, the rogueware dealers once again took advantage of buzz generated in the media – in the past it's been anything from a natural disaster to a celebrity meltdown – to poison search results on the popular search engines, like Google and Bing. Using SEO tricks, the rogueware peddlers manipulated search results so that when a panicked user keyed in a search term, such as "McAfee update" or "McAfee 5958 [the faulty update's designation]," they retrieved links at the top of their search results offering fake anti-virus software.
But as frenzied IT administrators work to remediate the McAfee update that is crippling machines in their enterprises, the problem can be compounded by users attempting to download and install a fake AV solution. In fact, McAfee itself has recently reported that cybercriminals made profits of $300 million globally from scamming consumers with scareware. Further, Symantec wrote in a report that over a seven month period in 2009, it received reports of 43 million rogue security software installation attempts.
"If you click on a dangerous link like this then you risk the chance of your computer being hit by a fake anti-virus attack (also known as scareware) which may attempt to con you out of your credit card details or trick you into installing malicious code onto your computer," Graham Cluley, senior technology consultant at Sophos, wrote in a post to his blog.
For more on the plague of rogue anti-virus solutions, see the April issue of SC Magazine.