Many, many of my clients (too many) have fallen victim to one of the many Fake AV exploits. This happens when you inadvertently browse a web page that has been infected with executable software code. The malicious code is inserted into the legitimate website in one of two ways. The first requires the cyber-crooks to hack the web server using an automated brute-force password attack, and is usually possible because the web master is using weak, easy-to-break passwords. The second method involves purchasing advertising from the web site owner. This is actually easier, because web site owners are eager for the advertising revenue and often have no serious controls over the content of the advertising.
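The first insertion method above depends on an automated brute-force attack against the site's login, and that kind of attack is loud in the web server's own logs. The script below is an added example written for this post, not code from the original article or from any vendor it mentions: it parses common-log-format access lines, counts failed login POSTs per source address inside a sliding time window, and flags sources that exceed a threshold, noting when a flagged source later logs in successfully (the sign that a weak password was guessed). The log lines are constructed sample data, and the `/admin/login` path, the assumption that a failed login returns HTTP 401, and the threshold and window values are illustrative assumptions rather than anything the post specifies.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common log format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log lines (not real traffic). 203.0.113.7 hammers the
# login page with eight bad passwords in eight seconds and then gets in;
# 198.51.100.4 mistypes a password twice like a normal user; 192.0.2.9 just
# reads a page.
SAMPLE_LOG = """\
192.0.2.9 - - [23/Jun/2011:09:59:58 +0000] "GET /index.html HTTP/1.1" 200 4821
203.0.113.7 - - [23/Jun/2011:10:00:01 +0000] "POST /admin/login HTTP/1.1" 401 231
203.0.113.7 - - [23/Jun/2011:10:00:02 +0000] "POST /admin/login HTTP/1.1" 401 231
198.51.100.4 - - [23/Jun/2011:10:00:02 +0000] "POST /admin/login HTTP/1.1" 401 231
203.0.113.7 - - [23/Jun/2011:10:00:03 +0000] "POST /admin/login HTTP/1.1" 401 231
203.0.113.7 - - [23/Jun/2011:10:00:04 +0000] "POST /admin/login HTTP/1.1" 401 231
198.51.100.4 - - [23/Jun/2011:10:00:05 +0000] "POST /admin/login HTTP/1.1" 401 231
203.0.113.7 - - [23/Jun/2011:10:00:05 +0000] "POST /admin/login HTTP/1.1" 401 231
203.0.113.7 - - [23/Jun/2011:10:00:06 +0000] "POST /admin/login HTTP/1.1" 401 231
198.51.100.4 - - [23/Jun/2011:10:00:07 +0000] "POST /admin/login HTTP/1.1" 302 0
203.0.113.7 - - [23/Jun/2011:10:00:07 +0000] "POST /admin/login HTTP/1.1" 401 231
203.0.113.7 - - [23/Jun/2011:10:00:08 +0000] "POST /admin/login HTTP/1.1" 401 231
203.0.113.7 - - [23/Jun/2011:10:00:09 +0000] "POST /admin/login HTTP/1.1" 302 0
"""


def parse_line(line):
    """Parse one common-log-format line into a dict, or return None if it
    does not match (blank lines, rotated-log headers, odd formats)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    rec["status"] = int(rec["status"])
    return rec


def detect_bruteforce(lines, login_path="/admin/login", threshold=5,
                      window=timedelta(minutes=1)):
    """Return {ip: {"failures": n, "succeeded_after": bool}} for each source
    that produced more than `threshold` failed logins inside any `window`.
    `failures` is the largest number of failures seen in one window;
    `succeeded_after` is True if that source later logged in successfully."""
    recent = defaultdict(deque)  # ip -> timestamps of failed logins in window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != login_path or rec["method"] != "POST":
            continue
        ip, ts = rec["ip"], rec["ts"]
        if rec["status"] == 401:  # assumed: the app answers 401 to a bad password
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:  # drop attempts outside the window
                q.popleft()
            if len(q) > threshold:
                entry = flagged.setdefault(
                    ip, {"failures": 0, "succeeded_after": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif rec["status"] in (200, 302) and ip in flagged:
            # A success right after a flagged burst means the password was
            # very likely guessed: treat that account as compromised.
            flagged[ip]["succeeded_after"] = True
    return flagged


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        verdict = "LOGIN SUCCEEDED, reset the password" if info["succeeded_after"] \
            else "blocked so far"
        print(f"{ip}: {info['failures']} failed logins in window; {verdict}")
```

Run against the sample, only 203.0.113.7 is reported, with eight failures and a subsequent successful login; the two-typo visitor never crosses the threshold. The same loop works on a live `access.log` fed through `tail -f`, and the natural response is to rate-limit or lock out sources that cross the threshold and, when `succeeded_after` is True, to force a password reset for the affected account.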
This will automatically install the Fake AV product, which generates a phony “Your computer is infected!” pop-up window. Usually it also installs a remote access Trojan horse, and sometimes a proxy server redirection into the web browser application (such as Internet Explorer).
In a recent St. Paul Pioneer Press article from Thursday June 23, 2011, this exploit was explained in an article titled Foreign “Scareware” Scam Busted – Plot targeted Star Tribune website. The article described how a couple of Latvian cyber-criminals bought advertising on the Star Tribune online web site, and then switched out the first ad with one that was carrying the malicious software code. Anyone who accidentally moused over the ad was infected. That’s right, just moving your mouse OVER the ad was enough, no clicking required.
A longer article on the computer security firm Sophos’ website provides more detail on this and similar exploits that have been taken down by the FBI and Interpol. Unfortunately, the article from the Pioneer Press is only available for a fee from their archives, because these ink-stained wretches just don’t get the Internet. (You wouldn’t want me to send traffic to your web site for free, would you?)
Before they were caught, this pair netted over $2 million. Not bad for a quick day’s work, eh?
By the way, the Sophos article is well worth the read, so get to it!
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com