Wednesday, January 11, 2006

Protect Yourself by Being Careful Who Protects Your Computer

We've all seen those nasty pop-ups offering to test our systems for spyware. In many cases, all you got from these was a lot of spyware and adware loaded on your system. Websense is now reporting that crimeware is being downloaded via these ploys, either directly when you click on the pop-up or from the site it directs you to.

Websense has also detected zero-day vulnerabilities being used in these attempts.

Here is the alert from Websense:

"Throughout December, Websense Security Labs™ reported a number of cases where browser and Operating System vulnerabilities were being used to install Potentially Unwanted Software onto end-users' machines without user-intervention. In several cases, dozens of pieces of code were installed, and often report false information in order to entice the end-user to clean their machine from spyware.

We are now seeing some of those same entities using their exploit code to install more reprehensible crimeware, such as key loggers and phishing traffic redirectors. This code is designed to steal information in addition to the installation of potentially unwanted software.

Users are typically infected through an IFRAME, loaded silently from a compromised website or an advertisement network pop-up. The exploit code loaded through these IFRAME tags attempts to use several dozen vulnerabilities, including the two recent zero-day vulnerabilities: MS05-054 and MS06-001. Users who are patched against these vulnerabilities are displayed an ActiveX prompt to install the exploit code."

For the full story, please read: When Greyhats turn to Blackhats.

Here is a story from Brian Krebs that is relevant to this issue: Fake Anti-Spyware Makers Settle Fraud Charges.

As always, protecting your computer and your identity is important. It is highly recommended that you carefully investigate "unknown" providers of computer security before using them.

1 comment:

prying1 said...

A good rule of thumb before downloading anything is to go to a search engine - type in the program name with the word 'scam' and see what happens...