Scareware Video Codecs – Another Money Maker For The Bad Guys

Scareware and Rogue applications (essentially one and the same), once installed, are usually in the victim’s face with an immediate demand for money. Pay me now – not later, is a common theme encountered by those unlucky enough to be trapped.

The ever creative malware clan though, which seems to be always tinkering with delivery methods, has just released a combo threat in an effort to enhance what is already a mature and lucrative business model.

This time around, the bad guys have combined the ever popular missing codec scam (see – Video Codecs – Gateways to Malware Infection – March 2010), with the more usual “Hey, you’re infected” scareware shakedown.

Initially, the unlucky victim gets the usual blunt, and very convincing warning – much like the one below.

Courtesy – GFI.

You’ll notice, that unlike the usual “click here to buy” or similar come-on, the potential victim is simply instructed to “Remove all” Trojans. Sounds pretty upfront don’t you think? OK, maybe not to you as an experienced user but, what about your friends/relatives who aren’t as aware as you are? The sad reality is – the victims continue to pile up.

Unfortunately, clicking on “Remove all”, will install a series of malware infected files. The (innocent?) victim will not notice that he’s just been bamboozled – not yet. The victim won’t get the “but wait, there’s more” message, until the time comes to play a Web video.

Courtesy – GFI.

And then – booom. Time to pay – as shown in the following screen shot.

Courtesy – GFI.

Worth repeating:

If you are attempting to view a site’s video content, and you get a popup advising you that you need to download a new codec to enable viewing – DON’T.

Common sense should tell you, if a website does not recognize a standard codec, there is something wrong. Ask yourself this question; how long would a website stay in business if a visitor is required to download a specific codec to view content? The answer is clearly – not very long.

There is an epidemic of rogue software on the Internet, with much of it being delivered by the constantly evolving Zlob.Trojan, or the  Zlob.Video Access Trojan, which are often hidden in fake, and malicious, codec downloads.

Some good advice from popular guest writer Mark Schneider – “My general rule of thumb for video is: If VLC won’t play it don’t bother.”

So that you can avoid the “missing codec scam”, and to ensure that you have a full set of codecs on your computer, consider downloading one of the following free codec packs. With a full set of codes installed on your computer, any request to download a site specific codec, should be viewed with suspicion.

Windows Essentials Codec Pack – Windows Essentials Media Codec Pack provides a set of software codecs for viewing and listening to many forms of media in Windows Media Player. While this program merely enhances a media player, it does a fine job of accommodating many different and unusual types of videos and music.

Download at: Download.com

The K-Lite Codec Pack – There are several different variants of the K-Lite Codec Pack. Ranging from a very small bundle that contains only the most essential decoders, to a larger and more comprehensive bundle.

Download at: Codec Guide.com

Media Player Codec Pack – The Media Player Codec Pack is a simple to install package of codecs/filters/splitters used for playing back music and movie files. After installation, you will be able to play 99.9% of files through your media player, along with XCD’s, VCD’s, SVCD’s and DVD’s.

Download at: Download.com

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Scareware Is Everywhere – As Mac Users Just Found Out

The success cyber criminals have had with the recent Mac scareware attack (MacDefender, which has already morphed into a new variant – MacGuard), emphasizes the following point – given the opportunity, Mac users may be just as likely as Windows users to say “Yes” to an invitation to download a rogue security application.

Considering Apple’s marketing style, which reinforces the myth that Macs are inherently more resistant to malware infections than Windows PCs (bolstered by the cachet that Mac users are somehow smarter than PC users), I suspect that Mac users are in for a rough ride in the coming months. Undoubtedly, Mac users will learn that cyber criminals use of social engineering is not platform specific.

Hopefully, this reality check will put a stop to nonsensical forum comments like the following.

“Well this is why I’m glad to have a Mac just saying”

“If Windows didn’t exist these things wouldn’t happen to people”

Since myths tend to die a slow and painful death however, I somehow doubt it.

Early last year, I posted an article – Say “Yes” on the Internet and Malware’s Gotcha! – which pointed out the potential consequences to those Internet users who instinctively, and unthinkingly, click on “Yes” or “OK”. Given the unprecedented rise in the number of malicious scareware applications in the interim (often, but not exclusively, promoted through poisoned Google search results), that article is worth reposting.

The following is an edited version of that earlier article.

Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like “the dog ate my homework”, response. But we old timers, (sorry, seasoned pros), know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe .vbs, or .lnk.extension, virtually guaranteeing an infection.

Downloading that media player codec to play a  porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the changes of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the the most common.

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become  “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is loaded with sites (including this one), dedicated to educating computer users on computer security – including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware however, that security applications alone, will not ensure your safety on the Internet. You really do need to become proactive to your Internet safety and security. And that does mean becoming educated.

Internet users who are aware of significant changes in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that you can’t fix stupid.

Before you say “yes”

Stop – consider where you’re action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

I’ll put it more bluntly – If you get a malware infection; it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Cybercrime 101 – Advertise On A Search Engine For Success

If you want to enhance your chances of being a successful cyber scam artist/cybercrook, you need to; look the part and act the part, of a successful Internet business organization.

How hard is that? Not hard at all when you consider all you need to do is offer a product that appears genuine, and perhaps most importantly – advertise in readily available and trusted media.

So, if you want to succeed in the $105 BILLION “Internet shadow economy”, advertising your “product” on an Internet search engine, could be a major step in helping you reach your financial goals.

Why an Internet search engine? Well, if one were to poll a group of typical Internet users as to the safety and reliability of search engine results, including the pervasive ads that search engines sprout; there is little doubt that the answer would be positive. In a sense, search engines impart instant legitimacy.

Part of the process of offering a product that appears to be genuine, would include producing and promoting a Web site that instills confidence in those unlucky enough to click on your ad, such as the site pictured below for ErrorSmart.

But, here’s what 2-Spyware.com has to say about ErrorSmart:

Error Smart is not an anti-spyware as it says but a smart new scam luring online for victims. Usually, ErrorSmart must be downloaded and installed manually from promoting website, but sometimes it is distributed by trojans. Error Smart is presented as reputable security tool, but the facts speak differently.

It compromises the system by disabling firewalls and other security applications. It displays large numbers of fabricated security reports that are partially true because Error Smart is able to download additional computer parasites on the infected computer.

On top of that, Lavasoft’s Ad-aware, sees ErrorSmart as a Rogue application as the following graphic indicates.

But hold on! Given that search engine results can be manipulated, or worse (see “Search Engine Results – Malware Heaven!” on this site), it’s reasonable to ask the question – why aren’t typical Internet users aware of this situation?

The simple answer is – search engines make little, or no effort, to educate their users in the risks involved in relying on advertisements appearing in their applications. As a consequence, the typical user I come into contact with believes search engine output to be untainted, and free of potential harmful exposure to malware.

A user looking for a review of ErrorSmart, for example, has a reasonably good chance of finding the following review:

ErrorSmart uses the industry’s most advanced error-resolution technology and puts it to work for you. By scanning your hard drive, analyzing the errors and correcting the problems, ErrorSmart can restore your system performance and increase startup speed by up to 70 percent.

Whether it’s incomplete uninstalls, failed installations, driver issues or spyware infections that are affecting your PC, ErrorSmart will rid you of your computer problems in just minutes.

However, the graphic below, illustrates WOT users’ reactions to this article.

Fact: Consumer confidence in the strength and reliability of search engine results, particularly ads, is seriously misplaced.

ErrorSmart (the site pictured earlier), a “scareware/rogueware” application developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false positives generated by the application, has been “advertised” for months on a number of leading search engines.

If you think this is a one off, or an isolated incident, then you’ll be surprised to learn it’s not. For additional information on this issue see “Search Engine Results – Malware Heaven!”, on this site.

So will search engine providers address the issues described in this article? Sure – but only when consumers who are totally fed up with tainted search engine results finally force them to. I don’t see that happening any time soon.

Writing articles like this is not without risk. For example, several years ago I wrote an article on an application – Finally Fast – considered by many to be less than it pretends to be. Google “Finally Fast scam” to see what I mean.

Recently, Ascentive, the developers behind Finally Fast, had their lawyers email me a letter in which they threatened to sue me for posting my unbiased views on their product. Since I live in Canada, where the courts are not sympathetic to lawsuits that are launched to intimidate and harass, this letter had little effect. Actually, I considered their threat a backhanded compliment!

Nevertheless, since Ascentive is well know for aggressive threats to sue – they even sued Google – “ The claimant, Ascentive,  a software producing corporation that, after some bad press, got kicked (“suspended”) out of Google’s organic search results & whose AdWords account got disabled, is now  suing  Google”, I did hand the email to my lawyer.

My lawyers advice to me, in decidedly unlawerly language was – “tell them to kiss your ass”.  He want on to explain that a “libel chill” lawsuit such as this, had little chance of being considered by the courts in this country.

Like most people I don’t react well to threats, so I did consider looking to the Blogger community for support on this and mounting a campaign, with the help of the community, to take up the gauntlet and spotlight Ascentive’s actions.

But, considering the number of hours that such a campaign would require, I took the easy way out and removed the article. However, if my daily workload should ever lighten – I may yet revisit my decision.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Symantec Discovers An Airport Internet Terminal Security Threat

Nick Johnston, Senior Software Engineer at Symantec Hosted Services, has just posted a warning on the MessageLabs Intelligence Blog – Scareware Haunts Airport Internet Terminals, that all air travelers should read.

Here’s a preview –

This year, people traveling by air have had to contend with disruption caused by the volcanic ash cloud from the Eyjafjallajökull eruption in Iceland, industrial action and tour operators collapsing. But while traveling ourselves, we noticed another threat: airport Internet terminals infected with malware.

Many airports have public Internet terminals for passengers without their own laptops to check email or browse the Web. In a large airport in England, we noticed one terminal with an usual “Defense Center Installer” dialog box. “Defense Center Installer” is a fake anti-virus software, also known as “scareware”.

This type of malware claims that a user is infected with a virus, and encourages them to buy the full version of the software to …….

To read the rest of this article, visit the MessageLabs Intelligence Blog.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gavin Whittaker’s Guide to Internet Safety – Part Ten

Guest writer Gavin Whittaker has written  an impressive series of ten articles, all designed to  help you navigate the Internet in safety.

We’re presenting Gavin’s highly informative articles, one each day, over the course of ten days.

Here’s the tenth and final part of the www.speeddemonit.co.uk guide to:

• Protect Yourself from Fraud
• Highlight the Common Internet Scams
• Give You the Knowledge & Confidence to Avoid these Online Scams

The Quick Buck – Avoiding Internet Fraud for Beginners

Lets wrap up by looking at ‘work from home’ or ‘make money quick’ emails and websites.  These sites offer you a second income or a great reason to quit your day job and invest all of your time into this ‘proven’ system.

Let’s not assume that all of these work from home opportunities are a scam, take a look at Ann Summers or Avon for example.  However there is without question a huge amount of scams that don’t give any return on your investment, whether your time, money or both!

Most of these scams request an upfront payment for training, materials, administration, registration…you name it, there’s a spin on it.

The scam types varies.  Some include the distribution of flyers or production related work. The real trick however is when the scam itself involves you unknowingly promoting the scam again, to your friends, family and neighborhood.

I’m sure the last 9 days articles have reinforced just how much more painful this situation can become if not only did you pay upfront for materials but you also gave them your bank details….ouch!!

Be aware if you’re approached for a ‘work from home’ opportunity.

Research the company on the Internet.  A poor site usually gives the game away immediately.

Do not get involved with anyone asking for an advance payment.

Dismiss immediately any offer of a big reward for just a little investment of your time and money.

Guest writer Gavin Whittaker is an IT Author,  Consultant and Trainer, and a Member of the Technology Channels Association.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gavin Whittaker’s Guide to Internet Safety – Part Nine

Guest writer Gavin Whittaker has written  an impressive series of ten articles, all designed to  help you navigate the Internet in safety.

We’re presenting Gavin’s highly informative articles, one each day, over the course of ten days.

Here’s the ninth part of the www.speeddemonit.co.uk guide to:

• Protect Yourself from Fraud
• Highlight the Common Internet Scams
• Give You the Knowledge & Confidence to Avoid these Online Scams

Today we focus on how scammers make money dishonestly from major world events.  Good hearted people the world over are targeted by fake charity sites to pledge money from disasters, such as the recent Haiti earthquake.

Within hours of the earthquake bogus web sites were everywhere on the internet, processing donations that unfortunately never made it to their supposed beneficiaries.  Similarly emails were being distributed asking you to click the link and pledge money to a scammer…

I advise you should never donate money to a charity by clicking either a website or email link, and instead go directly to the recognized charity site.  Online charities have to be registered with the Charity Commission at charity-commission.gov.uk so if you still have doubts, investigate the charity in question on this website.

Tune in tomorrow for Part 10 – The Quick Buck – Avoiding Internet Fraud for Beginners.

Guest writer Gavin Whittaker is an IT Author,  Consultant and Trainer, and a Member of the Technology Channels Association.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gavin Whittaker’s Guide to Internet Safety – Part Eight

Guest writer Gavin Whittaker has written  an impressive series of ten articles, all designed to  help you navigate the Internet in safety.

We’re presenting Gavin’s highly informative articles, one each day, over the course of ten days.

Here’s the eight part of the www.speeddemonit.co.uk guide to:

• Protect Yourself from Fraud
• Highlight the Common Internet Scams
• Give You the Knowledge & Confidence to Avoid these Online Scams

Today we focus on Trojans, code that is part of software you download from the Internet to do various things such as steal your usernames and password, bank login details and so on.

Trojans are a major reason that there has been a significant rise of botnets – large networks of compromised computers that can be remotely controlled and called upon to spread further damage, whether by sending spam emails or launch attacks on websites you visit, without you ever knowing.

So botnets, spread the Trojan further!

Eliminating a Trojan is not easy and usually involves a complete format of your computer, meaning the re-installation of your operating system, your applications and all the other personal preferences you have configured on your computer.

Identifying these cons is by being mindful of what the links you’re clicking in emails or the programs you are downloading.  A robust web browser such as Mozilla Firefox and up to date anti-virus and spyware protection plays a major role in your security too.

You’re unlikely to know if your PC is part of a botnet, however, if it is or you suspect it is then seek specialist technical support to ensure your personal files are backed up prior to re-installation.

Avoiding this type of scam again boils down to common sense and simply being on guard against suspect emails and not downloading software you cannot guarantee the source of.

Tune in tomorrow for Part 9 – Major World Events – Avoiding Internet Fraud for Beginners.

Guest writer Gavin Whittaker is an IT Author,  Consultant and Trainer, and a Member of the Technology Channels Association.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gavin Whittaker’s Guide to Internet Safety – Part Seven

Guest writer Gavin Whittaker has written  an impressive series of ten articles, all designed to  help you navigate the Internet in safety.

We’re presenting Gavin’s highly informative articles, one each day, over the course of ten days.

Here’s the seventh part of the www.speeddemonit.co.uk guide to:

• Protect Yourself from Fraud
• Highlight the Common Internet Scams
• Give You the Knowledge & Confidence to Avoid these Online Scams

Today we focus on how criminals use online auctions to con us out of our auction items.

Online auctions sites, such as eBay, are unfortunately rife with fraudulent activity. It affects not only the buyers but the sellers too.  Not only does this spoil the online auction fun for the rest of us, but it means we constantly have to be on our guard.

The most common scam is to target sellers overseas.  The buyer may offer to pay you by check, or ask you to ship the item to an address different to that confirmed against the credit card being used to pay for the item.

Of course, the communications from the other party may seem all very genuine and friendly.  You have no reason to suspect that in a few weeks or months , it all turns out that you’ve been paid with a stolen card, or a check that never cleared properly….problem is, you shipped the item , spent the money and unfortunately, you’re going to be out of pocket soon too!

This is because banks usually credit funds from deposited checks to an account within a few working days – the money has been cleared for value however does not mean the money actually belongs to you yet.  The source of the check (i.e. the foreign bank) has to clear the check for ‘fate’.  This can take some time, and usually means because you’ve been scammed and have spent the money that appeared to clear so soon …the bank can claim it back.

The other con is when you ship internationally to a different address to that of the credit card.  The ‘story’ the buyer may spin you as to why they need the item to a different address may sound very convincing, however, whether they pay by card, by PayPal, check – stick to your guns and only ship to the correct and verified address…or better still, don’t take the risk – re-list the item and only sell to someone in your country with lots of great feedback and a high feedback score.

Tune in tomorrow for Part 8 – The Trojan Horse – Avoiding Internet Fraud for Beginners.

Guest writer Gavin Whittaker is an IT Author,  Consultant and Trainer, and a Member of the Technology Channels Association.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gavin Whittaker’s Guide to Internet Safety – Part Six

Guest writer Gavin Whittaker has written  an impressive series of ten articles, all designed to  help you navigate the Internet in safety.

We’re presenting Gavin’s highly informative articles, one each day, over the course of ten days.

Here’s the sixth part of the www.speeddemonit.co.uk guide to:

• Protect Yourself from Fraud
• Highlight the Common Internet Scams
• Give You the Knowledge & Confidence to Avoid these Online Scams

Today we focus on advance fee fraud, a scam promising you money that doesn’t exist but has whet so many peoples appetites internationally that has unfortunately been very successful.

The situation begins with the receipt of an email claiming to be able to share a vast amount of money with you, subject to you helping them export this sum.  The source of these funds is typically a war-torn or corrupt country….this should be your first warning sign.

In order for you to help them transfer the money and so give you a slice of the action too, they ask for an advance fee to help them overcome a ‘minor cash flow problem’.  With your small investment the money can be released.

The prospective return on investment excites computer users to take leave of their senses and give their money away…all because the lump sump they’ve been promised seems so obtainable now, just out of reach!

This kind of fraud is typically associated with emails from Nigeria and even has its own criminal code – 419.  I’m sure it’ll be no surprise to you that other countries have followed Nigeria’s lead and prolifically send out advance-fee fraud related emails.

Knowing about this type of scam means you’ll recognize this type of email immediately and know to press the Delete button.

Guest writer Gavin Whittaker is an IT Author,  Consultant and Trainer, and a Member of the Technology Channels Association.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gavin Whittaker’s Guide to Internet Safety – Part Five

Guest writer Gavin Whittaker has written  an impressive series of ten articles, all designed to  help you navigate the Internet in safety.

We’re presenting Gavin’s highly informative articles, one each day, over the course of ten days.

Here’s the fifth part of the www.speeddemonit.co.uk guide to:

• Protect Yourself from Fraud
• Highlight the Common Internet Scams
• Give You the Knowledge & Confidence to Avoid these Online Scams

Today we focus on emails claiming you’ve won the lottery….lucky you!

Said in jest, there’s a millionaire made every minute online.  Emails arriving in your inbox informing you of a vast lottery win is a common type of con.  Spotting them is again down to common sense, after all, how can you win this online lottery if you didn’t enter it in the first place!

If you click the links in such emails then the flood gates are opened to phishing, spyware and scareware (see previous articles).

In addition, the request for personal data so they can send you the check is of course another scam and only contributes towards the theft of your personal identity.

No matter how convincing the email may look, never click the link.  If (and only if), you did enter the lottery in question should you open your browser and manually type in the website address of the lottery provider yourself, accessing your account and checking for yourself.

Guest writer Gavin Whittaker is an IT Author,  Consultant and Trainer, and a Member of the Technology Channels Association.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.