By Kelly Jackson Higgins
Oct 15, 2009
Attackers have added a new twist to spreading fake antivirus software:
holding a victim's applications for ransom.
Researchers discovered a Trojan attack that basically freezes a user's
system unless he purchases the rogueware, which goes for about $79.99.
The Adware/TotalSecurity2009 rogueware attack doesn't just send fake
popup security warnings -- it takes over the machine and renders all of
its applications useless, except for Internet Explorer, which it uses to
receive payment from the victim for the fake antivirus. "The system is
completely crippled," says Sean-Paul Correll, threat researcher and
security evangelist for PandaLabs, which found the new attack.
Correll says when the rogueware detects any application on the machine
starting to execute, it then shuts down the application. "This happens
for every file you try to open except IE. The only reason IE works is
because that's what's used to allow victims to pay the cybercriminals,"
Bad guys have used ransom threats in phishing attacks and distributed
denial-of-service (DDoS) attacks, but Correll says this is the first
time it has been used to force users to buy rogueware. Rogueware
distributors typically prompt the victim with pop-up messages, but the
user can bypass the purchasing process by ignoring them or clicking
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News