Connecticut BBB - Scareware Attacks Spreading Through Legitimate Sites
The Better Business Bureau (BBB) in Connecticut cautioned computer users in the 1st week of November 2009 that an outbreak of cyber attacks posed an online risk of a new kind, namely "scareware" targeting PCs and private data.
Paulette Scarpetti, President of Connecticut BBB, said that the new menace exploited end-users' confidence on reputable websites, as reported by TheRidgefieldPress on November 5, 2009.
Scarpetti added that the scareware attacks represented a somewhat new phenomenon and a severe security risk to the private data of consumers. Reputed or legitimate websites and their visitors aren't free from them, said Scarpetti.
Citing an instance, officials at the BBB stated that during mid-September 2009, people visiting the website of 'The New York Times' unexpectedly found a warning pop up, which said that a virus had infected their PC. Subsequently, it directed them (visitors) to go to certain website and buy an antivirus program, which would remove the malware. But the program was actually phony and it downloaded even more malicious programs.
Explaining the attack, Felicia Thompson, Director of Marketing & Communications at BBB-Western, Northern & Central Arizona, says that basically when anyone visits a reputable website such as 'The New York Times', 'Twitter' or 'Google,' he receives a pop-up stating that he must update his AV program. The bottom line is that while the website one visits might be credible, it isn't necessary that the pop-up is real as well, as reported by Abc15 on October 20, 2009.
Thompson further states that in the current instance if a user follows web-link, he actually downloads a virus or some other worse item online.
Twitter and Google have also encountered scareware attacks in the recent times, while Microsoft has been cautioning people about increasing number of scareware attacks but it is combating hard to curb them. In fact, Microsoft sued five businesses, alleging that they were behind some scareware assaults.
Hence, Thompson suggests that people should ignore such pop-ups and the related web-links, and instead update the security software on their OS themselves. According to the BBB, it's more essential that users load their systems' operating updates and acquire AV programs from trustworthy sources.
Related article: Constant Growth in Botnets Poses a Serious Threat, ENISA
» SPAMfighter News - 21-11-2009