Security 2010 Continues to Wreak Havoc

Since January, the Internet has been bombarded with the latest iteration of the Security 2010 scareware, with fresh outbreaks coming every few days. This blog has written previously about  it.

This malware is the latest generation of a family of rogue software known by many names going back to at least 2006. The basic MO remains the same: On startup an infected computer’s desktop is taken over by a legitimate-looking program that seems to be finding all manner of malware. As this is unfolding, the software also declares that the computer has been hacked and that the user’s identity is at risk of being stolen, among other messages. The software almost completely monopolizes the system, essentially making it unusable. The hook comes when the program informs you that to get rid of the problem, all you have to do is to register this trial version. Simply click on this link (and pay $49.99) . . .

The perpetrators of this scam have so far kept things fresh by releasing new variants every few days to stay ahead of traditional, database-based antiviral programs. These variants continue to add charming new features, such as routines that block or hide all other executables, layered service protocols that block network activity (except a connection to their server to process payment), and the ability to run in safe mode. Some variants apparently block safe-mode operation altogether. New Vista-specific versions are beginning to gain traction as well. Up to now, primarily machines running Windows XP have been affected.

The infection usually occurs when the user interacts with a bogus (but official-looking) security alert claiming to have found malware. These messages may appear when the user visits a compromised website. ANY interaction with this message typically triggers a surreptitious download of the infectious software. The only safe way to close such a message is to use the task manager (ctrl-alt-delete). Internet connections not filtered through a router are especially at risk.

The reach and sophistication of this scam are surprising and disturbing. Millions of users have been infected, many more than once, and the end is nowhere in sight.

Tagged , , .