
SecureWorks: Anti-spyware solution scam steals personal financial information

A complex plot involving fake anti-spyware products has scammed thousands of victims out of money and personal information, according to SecureWorks.

Hackers in Russia and other Eastern European countries are using the Russian Business Network (RBN) internet service provider (ISP) and other hosting outlets to lure victims into clicking on malicious ads on high-traffic websites, the Atlanta-based company reported this week.

Clicking on a malicious advertisement opens a pop-up warning about a suspicious problem on the victim's computer, initiating a "sales process" for a bogus anti-spyware solution that costs $19.95 to $79.95. The rogue websites collect credit card numbers, names and other personal information in the process, according to SecureWorks.

Finally, the "anti-spyware solution" downloads a trojan, such as Zlob, which retrieves other personal information from the victim's PC over time, or a rootkit, which gives the attacker remote control of the victim's computer.

The names of the bogus anti-spyware found in this offer include Spy-shredder, AntiVirGear, MalwareAlarm and about 40 others.

The scammers make money not only from the sale of the "solution," but also from the sale of credit card numbers and access to the trojan- and rootkit-infected computers.

The scam thrives on collaboration among a number of internet criminals who randomly inject the ads with malicious code, making it difficult for the website owner to predict which ads are malicious, Jon Ramsey, SecureWorks chief technology officer, told

"This type of scam will be around for a while because it's showing success," he said.

The RBN has been blamed for a number of high-profile cyberattacks in the past year, including the hijacking of the Bank of India's website in late August and June's "Italian Job" trojan attack.

Avivah Litan, vice president and distinguished analyst at Gartner, told on Tuesday that scammers "are getting more clever day by day in their ability to plant trojans on user PCs and avoid security programs put in place by enterprises and financial institutions."

"In this case, the crooks are linking their malware to legitimate advertising services -- an increasingly popular tactic -- and tricking consumers into downloading a malicious program on their PC," she said. "The crooks are then able to use the user's PC to launch more attacks or intercept user communications between the consumer and financial services and e-commerce websites. Then they are able to steal credentials, bank account, debit card account data and other sensitive personal information."

Litan added that most of the security measures deployed by banks, brokerages and e-commerce sites will not stop fraud perpetrated by these techniques.

"It's only a matter of time before websites servicing users will need to beef up their security measures, using, for example, out-of-band user authentication and transaction-verification techniques," she said. "Consumers also will have to start using stronger desktop security products that warn them, for example, when they are about to visit a spoof site or download a trojan."
