Rogueware vendors getting more aggressive

14 October, 2009
By Mark Cox

It's a trend that should surprise no one. PandaLabs, Panda Security's malware analysis and detection laboratory, has identified a new, more aggressive practice cyber criminals are using to sell fake (and expensive) anti-virus programs, otherwise known as rogueware. Cyber criminals are now combining rogueware with ransomware, hijacking users' computers and rendering them useless until victims purchase fake anti-virus programs.
The fake program, called Total Security 2009, is being offered to victims for approximately USD $79.95. Victims can also purchase 'premium' tech support services for an additional $19.95. Total Security 2009 is well known in the Internet security industry as a dangerous scam, but the particular tactic now being used is new, Panda says.
Users who pay the ransom receive a serial number that releases all files and executables, allowing them to work normally and recover their information. The fake anti-virus, however, remains on their systems. PandaLabs has published a list of serial numbers that victims can use to unblock their computers, as well as a video demonstrating how this scam operates, at: http://pandalabs.pandasecurity.com/archive/Rogueware-with-new-Ransomware-Technology_2221_.aspx.
"Users are often infected unknowingly - in most cases through visiting hacked Web sites. Once a computer is infected, it is extremely difficult to eliminate the threat, even for those with a certain degree of technical knowledge," said Luis Corrons, technical director of PandaLabs.
Previously, when computers were infected by this type of malware, users would typically see a series of warnings prompting them to buy a paid version of the program. The new method of selling rogueware blocks users' attempts to run programs or open documents, displaying a message falsely informing them that all files on their computers are infected and the only solution is to buy fake anti-virus.
"Users are also prevented from using any type of detection or disinfection tool, as all programs are blocked," Corrons said. "The only application that can be used is the Internet browser, conveniently allowing the victim to pay for the fake anti-virus. For this reason, on the PandaLabs blog, we have published the serial numbers required to unblock the computer if it has been hijacked. Users can then install genuine security software to scan the computer in-depth and eliminate all traces of this fake anti-virus."
"The way this rogueware operates presents a dual risk: First, users are tricked into paying money simply in order to use their computers; and second, these same users may believe that they have a genuine anti-virus installed on the computer, thereby leaving the system unprotected," Corrons added.
Ironically, Corrons said that this new aggressive trend may reflect progress in the fight against cybercriminals.
"This shift toward hijacking computers indicates either that users are becoming more adept at recognizing these threats or that security companies are beginning to close the gap on this highly sophisticated level of cybercriminal behavior. This would explain why hackers are becoming more aggressive in the methods used to force the victims into purchasing fake anti-virus programs."