Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

McAfee False Alarm Drives Surge In Scareware

Sophos : 23 April, 2010  (Technical Article)
Hackers are exploiting McAfee Antivirus product error with webpages designed to attract McAfee users and deploy malware on their systems through fake clean-up tools
IT security and control firm Sophos is warning that hackers are exploiting a problem with McAfee's anti-virus product that has caused hundreds of thousands of computers around the world to repeatedly reboot themselves, effectively becoming inoperable.

McAfee accidentally issued a detection update yesterday which mistakenly detected a harmless Windows file, svchost.exe, as 'W32/Wecorl.a', and caused critical problems on affected PCs.

Hackers, however, are compounding the problem by using blackhat SEO (search engine optimisation) techniques to create webpages stuffed with content which appears to be related to McAfee's false alarm problem - but are really designed to infect visiting computers.

Sophos has identified malicious webpages which appear on the first page of Google results if users search for phrases associated with McAfee's false positive.

'It's bad enough if many of the computers in your company are out of action because of a faulty security update, but it's even worse if you infect your network by Googling for a fix,' explained Graham Cluley, senior technology consultant for Sophos. 'These poisoned pages are appearing on the very first page of search engine results, making it likely that many will click on them. If you visit the links you may see pop-up warnings telling you about security issues with your computer. These warnings are fake and designed to trick you into downloading dangerous software, which could result in hackers gaining control of your corporate computers or the theft of your credit card details.'

In the past, hackers have used the same techniques to infect users hunting for information about Sandra Bullock's marriage problems, Tiger Woods' car crash, and the death of celebrities such as Michael Jackson and Natasha Richardson.

'SEO poisoning is one of the fastest-growing areas of cybercrime today,' explained Cluley. 'The hackers know that users turn to search engines when they are looking for the latest news on a breaking story, and are lying in wait to infect the unwary.'

Sophos recommends that businesses protect their users by running a web security solution which scans every webpage and link clicked upon for malware and criminal activity.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo