Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Fake antivirus software using ransom threats

Locks 'infected' apps, then asks for money

Fake antivirus programs appear to be adopting some of the money-raising tactics of more threatening ransom malware, security company Fortinet's latest threat report has found.

The most prevalent malware variant during August was TotalSecurity W32/FakeAlert.LU!tr, a malicious program that masquerades as antivirus software in order to sell worthless licenses for non-existent malware. On its own it accounted for 37.3 per cent of all malware threats detected by the company during the month.

Unlike standard fake antivirus programs, however, the new version of TotalSecurity takes the ruse a stage further by preventing any applications other than a web browser to run, claiming they are 'infected'. The user is invited to have the infection cleaned by buying the bogus TotalSecurity product.

Adding an extra layer of sophistication to its arsenal - and no doubt aware how quickly bogus antivirus software is blocked by genuine security products - TotalSecurity can now vary the downloads it feeds to target PC using server-side polymorphism. Put another way, the exact version downloaded to a victim's PC will constantly change which makes detection harder.

"This is a technique typically seen with botnets, such as Waledac, and has been picked up by the developers of TotalSecurity. This is another example of how relying purely on antivirus is not a silver-bullet approach to protecting systems from infection," said Fortinet's threat research head, Derek Manky.

According to Fortinet, such attacks demonstrate the vulnerability of PC-based antivirus software. A layered defence would have a better chance of detecting TotalSecurity by either intercepting the initial spam used to spread it or by blocking the download website.

Once rare enough to be a curiosity, malware using threats and direct interference with a PC's operation have slowly become more common.

A previous report from Fortinet in March noted a sudden surge in the technique, about a year after the first aggressive use of ransomware in the form of the notorious Vundo Trojan. That particular piece of malware used crude encryption of a victim's files.

In July came news of the odd Krotten Trojan that disables a victim's PC in a variety of ways before asking for a tiny payment to be made to a Ukrainian mobile phone network. Two months before that researchers in Japan discovered the Kenzero porn blackmail Trojan that threatens to post a victim's embarrassing browsing history to a public website.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: etwork, Fortinet
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: security, Personal Tech, Fortinet
Latest Blog Posts
Whitepapers
  • Chapter 1: Threats and Challenges to Enterprise VoIP
    The convergence of voice and data networks has been evolving and gaining momentum for several years. Organizations that are implementing Voice over IP (VoIP) in an effort to cut communications costs or leverage the competitive advantage of integrated services shouldn’t overlook the security risks that arise as voice and data converge.
    Learn more »
  • Eight threats your antivirus won’t stop - Why you need endpoint security
    News headlines are a constant reminder that malware attacks and data loss are on the rise. High-profile incidents that make big news might seem out of the ordinary. Yet businesses of every size face similar risks in the everyday acts of using digital technology and the Internet for legitimate purposes. This paper outlines eight common threats that traditional antivirus alone won’t stop, and explains how to protect your organisation using endpoint security.
    Learn more »
  • Pay-As-You-Grow: Investment Protection and Elasticity for your Network
    Enterprise IT teams are being challenged to increase overall IT flexibility and business agility by incorporating emerging cloud technologies into their next generation datacentre architectures. Top of mind is how to embed a high degree of elasticity to properly handle increasingly unpredictable application traffic loads, while still meeting strict performance service level agreements (SLAs). Satisfying these often opposing goals requires that individual elements within the larger datacentre infrastructure provide a native capability to increase capacity and performance as conditions dictate. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments

HP and IDG news, product videos and resources