
November 12, 2009

Rogue ware is nasty – believe it

During last Black Hat I wrote about an interview I did with a couple of researchers from Panda Security about rogueware. It really opened my eyes to just how big the fake AV and malware problem is. Like a 500 million dollar problem! But two posts over the last few days have brought this home to me again.

First was an article on the McAfee blog about a new rogue malware plot that actually looks and feels like the McAfee product. It is called MaCatte, and if you were a consumer who was not familiar with it you would be fooled without a doubt. Here is what this nasty little program does, according to McAfee:

The rogue software offers several “features”:

  • It displays fake warning messages and “Safety Center Alert” pop-ups
  • It flashes icons that appear in the system tray
  • It hijacks the browser’s homepage to a site that mimics McAfee’s site

    And that’s not all–MaCatte Antivirus 2009 will block currently installed or downloaded anti-virus software. It will redirect your browser to various misleading websites, including the rogue program’s homepage, www.macatte.com.

    Once installed, MaCatte Antivirus will start automatically when you boot Windows. Then it will scan your computer and display numerous infections, but will not remove them until you first purchase the program.

The McAfee blog then talks about the cost of MaCatte, which is $99. More than the cost of McAfee itself. Forget the cost; comparing this rogueware to legitimate anti-malware solutions gives it far more legitimacy than it deserves.

But can you imagine your favorite non-security-savvy friend or family member having to deal with this? It could be a nightmare for them. It could even be a nightmare for a tech-savvy user like Larry Dignan over at ZDNet. Somehow he was infected with some rogueware, and it was opening so many porn and Viagra windows on his desktop that he could not get to anything else to remove it.

Ironically, his McAfee software was useless in protecting him. It just did not recognize the rogueware. Larry grew so frustrated that he finally gave in and agreed to pay McAfee $90 for a paid tech support call. Except McAfee dropped the ball (what a surprise) and was never even able to get someone on the phone with him despite taking his money. Luckily he was able to get Kaspersky installed on his machine, and it recognized the nasty rogueware and removed it.

But it just goes to show you that this stuff is nastier than ever! BTW, according to the ZDNet article, Ryan Naraine says that Vista and Windows 7 would never have let the rogue programs install themselves. That is good to hear.

Creative Commons License: This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.