Friday, April 23, 2010

Hackers exploit McAfee False Alarm to spread Scareware Attack, Sophos Reports

System administrators at risk of infection from fake anti-virus traps

MUMBAI / BANGALORE, India – April 23, 2010 – IT security and data protection firm, Sophos, is warning that hackers are exploiting a problem with McAfee's anti-virus product that has caused hundreds of thousands of computers around the world to repeatedly reboot themselves, effectively becoming inoperable.

McAfee accidentally issued a detection update yesterday which mistakenly detected a harmless Windows file, svchost.exe, as "W32/Wecorl.a", and caused critical problems on affected PCs.

Hackers, however, are compounding the problem by using blackhat SEO (search engine optimisation) techniques to create webpages stuffed with content which appears to be related to McAfee's false alarm problem - but are really designed to infect visiting computers.

Sophos has identified malicious webpages which appear on the first page of Google results if users search for phrases associated with McAfee's false positive.

"It's bad enough if many of the computers in your company are out of action because of a faulty security update, but it's even worse if you infect your network by Googling for a fix," explained Graham Cluley, Senior Technology Consultant for Sophos. "These poisoned pages are appearing on the very first page of search engine results, making it likely that many will click on them. If you visit the links you may see pop-up warnings telling you about security issues with your computer. These warnings are fake and designed to trick you into downloading dangerous software, which could result in hackers gaining control of your corporate computers or the theft of your credit card details."

In the past, hackers have used the same techniques to infect users hunting for information about Sandra Bullock's marriage problems, Tiger Woods' car crash, and the death of celebrities such as Michael Jackson and Natasha Richardson.

"SEO poisoning is one of the fastest-growing areas of cybercrime today," explained Cluley. "The hackers know that users turn to search engines when they are looking for the latest news on a breaking story, and are lying in wait to infect the unwary."

Sophos recommends that businesses protect their users by running a web security solution which scans every webpage and link clicked upon for malware and criminal activity.

# # #

About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use, and that deliver the industry’s lowest TCO. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs—a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards. Sophos is headquartered in Oxford, UK and Boston, US. More information is available at www.sophos.com
Hackers exploit McAfee False Alarm to spread Scareware Attack, Sophos ReportsSocialTwist Tell-a-Friend

No comments:

Post a Comment