Fake virus protection programs con users

Fraudulent scanners mean the tills of online criminals are ringing

Bochum, 02. October 2008


Bochum (Germany), 1st October 2008 - In a worldwide campaign, international cyber criminals are attempting to trick innocent users with fake security solutions. During the last few weeks, the experts at G DATA Security Labs have noticed an explosion of "rogue anti-spyware". The criminals' con trick is both complex and ingenious. First, malware is deposited on compromised (hacked) websites. It then infects visitors' PCs in a drive-by download, without the user noticing, and installs a purported virus protection program, which immediately reports a discovered infection. "Disinfection" is then only possible by purchasing and registering the useless and indeed harmful program. With this elaborate hoax, the attackers aim, amongst other things, to obtain credit card information and personal data, and even to gain control of the computer itself. In the next step, the PC is infected with further malware and converted into a zombie for spreading spam. With more than 1000 different variants, "Trojan-Downloader.FraudLoad" is the most active malware family involved in this particular eCrime concept.



Ralf Benzmüller, manager of G DATA Security Labs:
"Online criminals only develop the eCrime products and concepts that are most promising. The whole business is aimed at maximising profits - "poor dogs" are quickly removed from the portfolio. The blossoming of these security blooms in the past must have been particularly successful. The increase of the last few weeks and months is clear evidence of this. The victims of these attacks are mostly users who, in an ill-conceived manner, avoid purchasing powerful security solutions and do not keep the browser and operating system up to the latest version."


Screenshot of fake scanner Antimalware Guard









Elaborate data hunting
The extremely elaborate procedure, which uses "discovered" malware infections and supposed security software, is intended as a first step to get potential victims to part with personal data. The targets of the data hunters: credit card information, telephone numbers and email addresses. Many versions of the "rogue antispyware" go a step further and, almost in "piggyback fashion", carry out an actual infection so that the attackers can bring the PC completely under their control. These PCs are then integrated as zombies into botnets and hired out as spam spreaders to generate income.


Screenshot: Registration page of Antimalware Guard









Four tips from the G DATA experts
1. Only use security solutions with current virus signatures. Expired trial versions or security software without signature updates do not offer sufficient protection against malware.

2. HTTP filters offer effective protection against drive-by downloads. All data traffic is examined for malware before it reaches the browser. Never turn this off!

3. Always keep the operating system and browser updated to the latest version and install updates regularly.

4. Recommended: deactivate active browser content. JavaScript, ActiveX and other components are frequently used to insert malware "through the backdoor".





 

Press contact

E-mail: presse@gdata.de
Telephone: 0234 / 97 62 - 0