Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Tips to avoid being bit by CryptoLocker (and what to do if you are)

Kim Crawley | Dec. 4, 2013
InfoSec Institute's Kim Crawley details CryptoLocker, the latest in scareware, and offers suggestions for avoiding infection.

As early as 2007, if not earlier, Windows users encountered the very first rogue antivirus programs. Even today, end users are easily fooled by this vicious type of malware.

Developers of rogue antivirus programs usually put a lot of effort into creating GUIs that resemble legitimate antivirus programs or OS components such as Windows Defender.

Contrary to popular belief, rogue AVs aren't exclusive to Windows. In May 2011, the first rogue AV for Mac OS X was discovered. In June of this year, the first Android rogue AV was discovered. If rogue AVs for Linux distros, other Unix/BSD distros, iOS, BlackBerry and Windows Phone don't already exist, they're inevitable.

Because Mac users and mobile device users frequently believe that they're "immune" to malware, rogue AVs for those platforms may be even riskier than the first ones for Windows.

I've never encountered rogue AVs as a user. As an IT security expert, web developer, and occasional white hat "skiddie," (script kiddie) I should know better, so I do. I first encountered rogue AVs while providing remote support to Windows users all across the United States. And, oh boy, did I ever see them a lot back then. I swear, nearly a quarter of my support tickets involved ridding user machines of rogue AVs.

They usually fooled my customers very well. Either the end user didn't know what AV software they were using, if any, or didn't think it was suspicious to see a program that looks like an antivirus program, but not their antivirus program. I said, umpteen times, "Just let me get rid of it for you, do not, whatever you do, input your credit card number!" "But I just want it to go away!" they'd cry.

Often, between calls, I'd hear my coworkers say the very same thing to customers.

You know what would have happened if my customers had done what the rogue AVs told them to do? The party behind the rogue AV would take their credit card number, validate it, then charge large amounts to it, fraudulently, even though the GUI would say the charge would be $19.99 or something like that. Then, the credit card number might be used for identity theft. On the end user's side, they wouldn't be rid of the rogue AV. In fact, I've had many customers say that after inputting their credit card numbers, their PCs would get even worse. Oh why didn't those customers call me or one of my colleagues before considering doing that?

The bigger picture is that, when end users fall prey to rogue AVs, they not only harm their PCs, mobile devices and themselves, but by making the people who write that sort of malware money, they're encouraging them to keep doing it. It's insidious.


1  2  3  4  5  6  7  Next Page 

Sign up for MIS Asia eNewsletters.