Fake Anti-Virus “Scareware” Scam Busted By Interpol Had Minneapolis Connection

Many, many of my clients (too many) have fallen victim to one of the many Fake AV exploits. This happens when you inadvertently browse a web page that has been infected with malicious executable code. The code is inserted into the legitimate website in one of two ways. The first requires the cyber-crooks to hack the web server using an automated brute-force password attack, which is usually possible because the webmaster is using weak, easily guessed passwords. The second method involves purchasing advertising from the website owner. This is actually easier, because website owners are eager for the advertising revenue and often have no serious controls over the content of the advertising.

Visiting the infected page will automatically install the Fake AV product, which generates a phony “Your computer is infected!” pop-up window. Usually it also installs a remote access Trojan horse, and sometimes a proxy server redirection in the web browser (such as Internet Explorer).
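A defender's check for the first delivery method described above, the brute-force password attack on the web server: this is an added example, not code from the original post, that scans constructed Apache-style access log lines for repeated failed POSTs to an assumed admin login path within a short time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (Apache combined format); not real traffic.
# 203.0.113.7 hammers the login in seconds, 198.51.100.5 is a user who
# mistyped once, and 192.0.2.9 fails slowly over an hour.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Jun/2011:10:00:01 -0500] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [23/Jun/2011:10:00:03 -0500] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [23/Jun/2011:10:00:05 -0500] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [23/Jun/2011:10:00:07 -0500] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [23/Jun/2011:10:00:09 -0500] "POST /admin/login HTTP/1.1" 401 512
198.51.100.5 - - [23/Jun/2011:10:02:00 -0500] "POST /admin/login HTTP/1.1" 401 512
198.51.100.5 - - [23/Jun/2011:10:02:30 -0500] "POST /admin/login HTTP/1.1" 302 0
192.0.2.9 - - [23/Jun/2011:09:00:00 -0500] "POST /admin/login HTTP/1.1" 401 512
192.0.2.9 - - [23/Jun/2011:09:20:00 -0500] "POST /admin/login HTTP/1.1" 401 512
192.0.2.9 - - [23/Jun/2011:09:40:00 -0500] "POST /admin/login HTTP/1.1" 401 512
192.0.2.9 - - [23/Jun/2011:10:00:00 -0500] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [23/Jun/2011:10:00:11 -0500] "GET /index.html HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def find_bruteforce(log_text, login_path="/admin/login", threshold=4,
                    window=timedelta(minutes=5)):
    """Return {ip: total_failures} for every IP with >= threshold failed
    logins (401/403 on a POST to login_path) inside any sliding window."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != login_path:
            continue
        if m["status"] not in ("401", "403"):  # only count failed attempts
            continue
        failures[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # slide window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

With the default five-minute window only the fast attacker is flagged; widening the window to an hour also catches the slow one, which is the trade-off to tune against your own login traffic.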

In a recent St Paul Pioneer Press article from Thursday, June 23, 2011, this exploit was explained in an article titled Foreign “Scareware” Scam Busted – Plot targeted Star Tribune website. The article described how a couple of Latvian cyber-criminals bought advertising on the Star Tribune's website, and then switched out the first ad with one that was carrying the malicious software code. Anyone who accidentally moused over the ad was infected. That’s right, just moving your mouse OVER the ad was enough, no clicking required.

A longer article on the website of computer security firm Sophos provides more detail on this and similar exploits that have been taken down by the FBI and Interpol. Unfortunately, the article from the Pioneer Press is only available for a fee from their archives, because these ink-stained wretches just don’t get the Internet. (You wouldn’t want me to send traffic to your website for free, would you?)

Before they were caught, this pair netted over $2 million. Not bad for a quick day's work, eh?

By the way, the Sophos article is well worth the read, so get to it!


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
