|
By Simon Heron, Network Box
For some time, cyber-criminals have been writing and distributing scareware as part of their arsenal in the battle to take control of our computers.
Put simply, scareware programs are designed to frighten people into running malicious software by popping up when the user is online and declaring that viruses/Trojans have been detected and that all the user has to do is run the program they provide to clear up the 'infected' system. Anti-virus provider Symantec has recently released a report which indicates that this practice isn't going away.
I am always a bit skeptical about how much criminals really earn carrying out virus writing scams. I suspect the majority could be described as 'failing businesses', with a smaller number actually making some money and then selling their technology to those new to the scam.
As users, this doesn't help us as. There is still a lot of scareware out there, and many people still falling for it. (Forty-three million in the last year, according to Symantec).
So, why are so many of us still falling for this con trick if it's been around for so long? Why is it that people will just download from a site they have never heard of, a site which doesn't appear to specialize in anti-malware, rather than use reputable anti-malware solutions?
One theory is that users are relaxed, at home and feeling secure. Hence their defenses are down, and they will believe anything. Lack of awareness could also be an issue. This is difficult for me to believe as all I seem to read about are scams and malware, but then again that is what I do so perhaps it is not surprising.
Another thought is that the message is almost too strong. That people are aware of malware, and know that they need protection, so when they get told that they are infected they believe it, and want a quick, easy solution which the pop-up box is presenting to them. Perhaps the initial panic that the user experiences when informed about the 'infection' kicks in and drives them to download the first 'remedy' available. Maybe they're just clicking anything to get rid of the error message.
Logically, users that have a fully updated security suite installed on their system shouldn't experience the same kind of panic and feeling of vulnerability that would prompt them to click this message.
However, what about those users who don't have a security solution installed? For home users, security suites can be purchased for as little as 20 euros these days. That's not to mention the legitimate free anti-virus providers that home users can install.
The fact is, people are clicking on these messages and getting infected, which is a problem for all of us. Perhaps, rather than individual campaigns targeted at certain issues of the moment, the industry as a whole needs to co-operate on a national awareness campaign, highlighting the risks and providing guidelines to the user on how to mitigate them.
Copyright © 2008 To Present-Information-Security-Resources.com.
Simon Heron is an Internet security analyst with Network Box (UK) Ltd, a unified threat management company.
Only registered users can write comments.
Please login or register. |
