Rogue security software spoofs ZDNet Reviews

Summary: Impersonation may be a form of flattery in itself, but not when it comes to the very latest round of rogue security software, which this time impersonates the reviews sections of ZDNet, CNET and PC Magazine, making it look as if legitimate and highly respected technology sites have actually reviewed and recommended the rogue security software.

According to Lawrence Abrams from Bleeping Computer, the latest rogue security software, Anti-virus-1, redirects infected users attempting to visit the sites to legitimate-looking reviews of the scareware. With this novel approach, the rogue software vendor aims to add more legitimacy to Anti-virus-1's existence in general. However, if they truly wanted to achieve better social engineering results, they could have at least used a more recent version of the impersonated sites.

Here's how it's done anyway:

Upon installation the software modifies the HOSTS file and redirects affected users attempting to visit the review sites to a centralized location used for the hosting and promotion of even more rogue security software:

O1 - Hosts: 217.20.175.74 www.review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com
O1 - Hosts: 217.20.175.74 www.reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 www.reviews.download.com
O1 - Hosts: 217.20.175.74 reviews.download.com
O1 - Hosts: 217.20.175.74 www.reviews.pcadvisor.c.uk
O1 - Hosts: 217.20.175.74 reviews.pcadvisor.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.pcmag.com
O1 - Hosts: 217.20.175.74 reviews.pcmag.com
O1 - Hosts: 217.20.175.74 www.reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.reevoo.com
O1 - Hosts: 217.20.175.74 reviews.reevoo.com
O1 - Hosts: 217.20.175.74 www.reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.techradar.com

And whereas modifying the HOSTS file is a rather noisy way to hijack traffic, given that the end user managed to get -- ironically -- infected with non-existent security software on their way to protecting themselves from security threats, there's a high chance that this HOSTS modification will remain undetected.
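One way to catch this kind of modification, as an added example that is not part of the original article or of Bleeping Computer's analysis: parse HOSTS content (raw or as HijackThis "O1 - Hosts:" lines) and report any public IP address that several hostnames have been pinned to. The function names, the min_names threshold and the three benign sample entries are assumptions made for the illustration; the 217.20.175.74 entries are taken from the listing above.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prefixes each HOSTS entry with "O1 - Hosts:"; raw HOSTS lines lack it.
_O1_PREFIX = re.compile(r"^\s*O1\s*-\s*Hosts:\s*", re.IGNORECASE)

# First three entries are constructed; the 217.20.175.74 ones come from the article.
SAMPLE = """\
127.0.0.1 localhost
0.0.0.0 ads.example.test
10.0.0.5 intranet.example.test
O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com
O1 - Hosts: 217.20.175.74 reviews.pcmag.com
217.20.175.74 www.reviews.techradar.com  # same entry in raw HOSTS form
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        fields = _O1_PREFIX.sub("", raw).split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def suspicious_redirects(text, min_names=3):
    """Map each public IP to the hostnames pinned to it, if at least min_names."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback, 0.0.0.0 and private ranges are ordinary blocklist/intranet use.
        if ip.is_global:
            by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= min_names}

if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE).items():
        print(f"{ip} overrides DNS for {len(names)} hosts:")
        for name in names:
            print(f"  {name}")
```

On Windows the input would be the contents of %SystemRoot%\System32\drivers\etc\hosts or a pasted HijackThis log.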

This "visual social engineering" approach is perhaps one of the key success factors for the rise of rogue security software. From the real-time scanning applets showing how badly affected a visitor is, to the bogus software rewards and awards the application has already won by using , vendors of rogue security software know the value of "what you see is what you get", or at least we want you to think so.

From a psychological perspective, the rise of rogue security software demonstrates the end user's impulsive decision making based on the oldest known motivation factor - fear, which in 2009 has been transformed into the fear of losing data. And while in the past cybercriminals used to brandjack legitimate security software, today's revenue-sharing, affiliate-based model for spreading rogue security software is in fact building new brands that, despite their short product cycle, are already affecting hundreds of thousands of users.

Topic: Security

Talkback

11 comments
  • RE: Rogue security software spoofs ZDNet Reviews

    Someone needs to track down this company and punish them for what they are doing.
    docqualizer
  • RE: Rogue security software spoofs ZDNet Reviews

    So, Dancho Danchev, it sounds like you are saying that to get rid of the "infestation" all you have to do is edit the HOSTS contents and a computer is clean.
    I am aware that this is not something recommended for a novice.
    Will Anti-virus-1 get into the registry or somehow into the kernel?
    How do we get rid of it?
    Any reply would be appreciated.
    zanderqin
  • RE: Rogue security software spoofs ZDNet Reviews

    There are several free apps out there that will help you get rid of this. I work for a state institution and we are working on getting an Enterprise package for spyware. But I am sure we will still need to use 1 or more of our free apps to get rid of a lot of these and other new ones coming around.
    Most can be found on ZDNet's Download.com.
    1. Spybot Search & Destroy (Advanced Mode for serious issues) You can not only kill entire processes, but the modules of NON killable processes. And a way to get rid of Active X and Browser Helper Objects.
    2. AdAware. Pretty straight forward apps.
    3. Super Anti Spyware. (I know the name is silly, but it does a good job)
    4. Malware Bytes. This one will get the really tough ones. But for some reason misses some of the more common ones.

    Using just 1 of these will not be suitable for most. We usually don't get the call until after a PC has been screwed up for a week and the user says it is unbearable. And since our service is free, they could care less.
    dbisse@...