Fake Anti-Virus Programs Used to Hijack and Block Computers, According to PandaLabs

* Reuters is not responsible for the content in this press release.

Wed Oct 14, 2009 9:54am EDT

- Cyber criminals now combine rogueware with ransomware, enabling them to
hijack users' information and block computer use











GLENDALE, Calif., Oct. 14 /PRNewswire/ -- PandaLabs, Panda Security's malware
analysis and detection laboratory, has identified a new, more aggressive trend
cyber criminals are using to sell fake anti-virus programs, otherwise known as
rogueware. Cyber criminals are now combining rogueware with ransomware,
hijacking users' computers and rendering them useless until victims purchase
fake anti-virus programs. 


The fake program that PandaLabs has discovered, called Total Security 2009, is
being offered to victims for approximately $79.95. Victims can also purchase
'premium' tech support services for an additional $19.95. Users who pay the
ransom receive a serial number that releases all files and executables,
allowing them to work normally and recover their information. The fake
anti-virus, however, remains on their systems. PandaLabs has published a list
of serial numbers that victims can use to unblock their computers, as well as
a video demonstrating how this scam operates, at:
http://pandalabs.pandasecurity.com/archive/Rogueware-with-new-Ransomware-Technology_2221_.aspx.


Previously, when computers were infected by this type of malware, users would
typically see a series of warnings prompting them to buy a paid version of the
program. The new method of selling rogueware blocks users' attempts to run
programs or open documents, displaying a message falsely informing them that
all files on their computers are infected and that the only solution is to buy
the fake anti-virus program.


"Users are often infected unknowingly - in most cases through visiting hacked
Web sites. Once a computer is infected, it is extremely difficult to eliminate
the threat, even for those with a certain degree of technical knowledge," said
Luis Corrons, technical director of PandaLabs. "Users are also prevented from
using any type of detection or disinfection tool, as all programs are blocked.
The only application that can be used is the Internet browser, conveniently
allowing the victim to pay for the fake anti-virus. For this reason, on the
PandaLabs blog, we have published the serial numbers required to unblock the
computer if it has been hijacked. Users can then install genuine security
software to scan the computer in-depth and eliminate all traces of this fake
anti-virus." 


"The way this rogueware operates presents a dual risk: First, users are
tricked into paying money simply in order to use their computers; and second,
these same users may believe that they have a genuine anti-virus installed on
the computer, thereby leaving the system unprotected," adds Corrons.  


"This shift toward hijacking computers indicates either that users are
becoming more adept at recognizing these threats or that security companies
are beginning to close the gap on this highly sophisticated level of
cybercriminal behavior. This would explain why hackers are becoming more
aggressive in the methods used to force the victims into purchasing fake
anti-virus programs." 


PandaLabs recently published a report about the lucrative business of
rogueware. The report is available at:
http://www.pandasecurity.com/img/enc/The%20Business%20of%20Rogueware.pdf


About PandaLabs
Since 1990, PandaLabs' mission has been to detect and eliminate new threats as
rapidly as possible to offer clients maximum security. To do so, PandaLabs
has an innovative automated system that analyzes and classifies thousands of
new samples a day and returns automatic verdicts (malware or goodware). This
system is the basis of collective intelligence, Panda Security's new security
model, which can even detect malware that has evaded other security solutions.


Currently, 94% of malware detected by PandaLabs is analyzed through this
system of collective intelligence. This is complemented through the work of
several teams, each specialized in a specific type of malware (viruses, worms,
Trojans, spyware, phishing, spam, etc.), who work 24/7 to provide global
coverage. This translates into more secure, simpler and more resource-friendly
solutions for clients.


More information is available in the PandaLabs blog: http://www.pandalabs.com.






SOURCE  Panda Security

Shannon Walsh of Bateman Group, +1-415-503-1818, panda@bateman-group.com, for
Panda Security