Table of Contents for

Hacking Exposed Malware & Rootkits: Security Secrets and Solutions, Second Edition, 2nd Edition

PART III

PREVENTION TECHNOLOGIES

Case Study: A Wolf in Sheep’s Clothing

Hundreds of prevention technologies and methodologies have been developed to solve the growing malware problem. State-of-the-art solutions are always available to enterprise customers who have the budget to pay for them. But for common home users this is generally not the case. Most of the time home users are stuck with simple endpoint solutions. There is nothing wrong with this, but you have to be wary because malware writers can take advantage of this situation by disguising their malware creation as a security solution.

Scareware

Scareware is a type of malware that scares a user into downloading software that poses as a malware solution but is, in fact, malware. A scareware typically pops up when a user visits certain websites. It will usually display a fake scan of your computer as if it’s happening in real time and detecting a lot of malware. The effect is to scare the user into doing what the scareware wants—downloading the fake software and then paying for it using the user’s credit card.

As a result, the scareware has victimized the user in three ways:

•   Malware gets installed into the target system.

•   The user’s credit card is charged with the cost of the fake malware solution.

•   The attacker now has the user’s credit card number.

Fakeware

Fakeware is a type of malware that disguises as an update to very popular software installed in a target machine. Instead of scaring the user into installing the malware, it passes itself off as a software update that must be installed to solve bugs and enjoy new features. The UI or main display is an exact copy of the legitimate software it is pretending to be.

Look of Authenticity

One thing these types of malware have in common is the look of authenticity. The malware authors try their best to make the look and feel of these fake malware solution pop-ups and updates as authentic as possible. They know that this is crucial because this is where their initial success lies.

But not all of them have the look and feel of authenticity, especially those that are rushed or put together by non-native English speakers. Pay attention. For example, the text will often contain improper English, use slang, or have content that does not make sense to an English speaker.

Countermeasures

If you are faced with these pop-ups, the best way to deal with them is to ignore them. If it is a scareware, do not click anything on the pop-up. Instead, power up your most trusted endpoint solution. If it is an update message, close the pop-up or message window and go straight to the software provider’s main page and get the update from there.

It is also best to report the fraud to the software publisher. Most software publishers have a dedicated email address for fraud notifications, whereas others let you submit a report on their website. The FBI also has a page wherein software frauds can be submitted: https://www.ic3.gov/complaint/default.aspx. Take note that you will be asked to submit some of your personal information when reporting an Internet Crime Complaint.