One of the most common ways for cybercriminals to steal money from people is through the use of fake security software, according to the most recent Microsoft Security Intelligence Report.
This kind of software is also known as “scareware” or “rogue security software.” Cybercriminals use it to scare people into downloading more malicious software onto their computer or pay for a fake product. For more information, see Watch out for fake virus alerts.
Here are examples of the graphics used by cybercriminals trick you into downloading their security software.
The Security Intelligence Report features a video that explains how one popular piece of fake software works and how you can get rid of it. To watch the video, go to How Win32/FakePAV Steals Credit Card Information and How to Remove the Trojan.
To read the full report on Rogue Security Software, see the Malware and Potentially Unwanted Software section of the latest Security Intelligence Report. You can also download the entire report.
You’ve probably been in this situation before: either your browser seems to throw up a warning for every link you click, or it doesn’t display any warnings at all.
Internet Explorer 9 provides a more thoughtful warning system for potentially dangerous downloads. The system uses available reputation data to prevent unnecessary warnings for programs with established positive reputations.
The browser displays a warning only when a download carries a higher risk of being malicious.
Here’s what a warning looks like.
Internet Explorer and other web browsers have been offering protection from potentially dangerous URLs for a while, but according to a recent post on the IE blog, Internet Explorer is the only web browser to offer this protection based not just on the URL, but also on the actual download. Jeb Haber, Program Manager for Internet Explorer and author of the post, writes that since the release of Internet Explorer 9, “Users are choosing to delete or not run malware 95% of the time from the new Application Reputation warnings.”
For more information, see Security in Internet Explorer 9.
I recently received two email messages from people who had been the victims of cybercrime. These people weren’t just readers of our blog—they work on our team. That means that they spend almost every day thinking about viruses, online fraud, security updates, and other issues of computer security.
And they still weren’t immune to the threat.
I got permission to share these stories in an effort to prove that cybercriminals are so tricky that they can even fool people who should know better.
The first tale comes from an employee who I’ll call “Christine.” Christine writes:
I was on a news site and got infected with a computer virus. I believe I got some pop-up about an Adobe Acrobat test, and I may have hit “OK” rather than closing the pop-up. Instantly, I started getting all of these dire warning threats that my security had been breached, my computer was infected, and I should download the latest update to “Win 7 Internet Security 2011.”
I’ve actually never had a virus before, but I knew that Microsoft would never abbreviate the word “Windows” to “Win,” and then I spotted a few telltale other signs—a couple misspellings in the messages, and the warnings were so alarmist that I knew they couldn’t be from Microsoft. So I wasn’t dumb enough to click on anything, but it did paralyze my computer for a while, flooding my PC with these messages and blocking my access to the Internet.
From another PC, I found information on this virus and recommendations on how to remove it. I tried to remove it manually and had trouble locating where it was in my files. Then I tried downloading a spyware scanner (which I had to put on a USB drive, and then transfer to my infected PC). After getting it on my PC (I had to rename the .exe file because the virus knew it was spyware removal software and wouldn’t let me run it) and finding the infection, I found out that I needed to buy it before it would fix anything!
Then I remembered Microsoft’s scanner and did the same thing, and it worked! It found the virus and removed it—I guess I had the “Win32/FakeRean” virus that we featured in the newsletter a few months back. It was a fast, easy download, and it found and fixed my system for free.
Now I’ve downloaded every security update I can find, and scanned my system about 5 different times.”
This sounds like rogue security software to us. For more information, see Watch out for fake virus alerts. If you think you might have the same problem, download the Microsoft Safety Scanner.
The second story comes from an employee who I’ll call “Megan.” Megan writes:
“Right before I left for vacation I got a message that my email account had been “compromised.” At first I thought that this was a scam, but when I checked my credit card statement, I realized that over $600 of merchandise had been charged to my account. That was because I used the same user name and password information for my email account as I did for other online accounts, including my bank account.
I was using a strong password. It wasn’t a word from the dictionary and it had a mix of numbers and letters. The problem was that I used this same password since I opened the email account more than four years earlier. And like I said, I was using the same user name and password on many of my online accounts, including my bank account. I immediately changed the password on my email account, on my bank account, and on all other financial accounts. And this time I used different passwords.”
Have you had this problem? Learn how to create strong passwords or test your password’s strength.
Do you have a computer security tale of woe? Share it in our comment section below.
Senior attorney for Microsoft’s Digital Crimes Unit (DCU), Richard Boscovich, appeared on Seattle’s NBC news last week to confirm that Microsoft will not cold call you to fix your computer.
If you’ve received a call from someone who claims to be from Microsoft and wants to fix your computer, hang up. You can also report these calls to the Federal Trade Commission.
To watch the video from King5.com, see Unsolicited tech support calls fake, says Microsoft.
For more information, read Don’t fall for phony phone tech support.
The Microsoft Security Intelligence Report (SIR) provides information about current security threats to help protect organizations, software, and people. The report covers exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, Internet services, and three Microsoft Security Centers.
Volume 10 of the report was released today.
The data from the report illustrates a significant increase in social engineering attacks, specifically phishing attempts using social networking as a lure, adware such as pop ups and pop unders, and rogue security software or scareware.
Here is some of the research and analysis included in the report:
Over the next few months we’ll explore different features of the SIR. Check back with us or read the report now.
Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 2 security updates.
Get the updates.
Watch a video about the updates.
To get more information about security updates and other privacy and security issues delivered to your email inbox, sign up for our newsletter.
The FBI and U.S. Department of Justice announced an operation to take down the Coreflood botnet.
The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet, without you knowing it.
Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet.
Microsoft supports the effort to take down this and other botnets, and we've added Coreflood malware detection to the Microsoft Security Scanner.
For more information, see FBI and DOJ take on the Coreflood botnet.
We used to recommend that you increase the security of your Hotmail account by creating a new account, one that you would give to online retailers or other organizations that might send a lot of unwanted email.
Now, if you have a Hotmail account, you can create an alias within your account instead of creating an entirely new account. Mail addressed to your alias will go to a separate folder that you designate. When you’re done with the alias, you can get rid of it.
Whomever you give this address to will not know your real email address. This means less spam and more privacy.
Hotmail lets you create up to five email aliases within your account each year. You can create a different alias for each aspect of your online life. For example, you might have one alias for gaming, one for communicating with old friends, and one for your work life.
For step-by-step instructions, see Aliases in Windows Live Hotmail.
Cybercriminals are circulating a new piece of fake security software that spoofs a Microsoft security tool. It’s called the “MS Removal Tool.” If you see a pop-up ad or an email for the “MS Removal Tool,” ignore it.
If you already have this malware on your computer, you might not be able to access Internet Explorer or any other programs.
You will have to boot your computer into Safe Mode. For detailed step-by-step instructions use another computer or smartphone to read Microsoft Support: How to remove the MS Removal Tool from your computer.
If you can access Internet Explorer or another web browser, use the Microsoft Safety Scanner to scan your computer and remove the MS Removal Tool.
To help protect yourself from malicious software, download and install Microsoft Security Essentials.
For more information on rogue security software, see Watch out for fake virus alerts.
Today the Microsoft Security Response Center (MSRC) posted details about the May security updates. On Tuesday, May 10 at approximately 10 AM Pacific Time Microsoft will release 2 bulletins: 1 critical and 1 important.
The easiest way to get the updates when they're available is to turn on Windows automatic updating. For more information about how this works, see Understanding Windows automatic updating.
The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to allow customers (especially IT professionals) to plan for effective deployment of security updates.
Advanced Notification includes information about:
For more information about the security updates that will be released on May 10, see Microsoft Security Bulletin Advance Notification for May 2011.
For official risk and impact analysis, as well as deployment guidance, visit the MSRC blog. If you are on Twitter, you might want also want to follow @MSFTSecResponse.
If you’re searching for news about or pictures of Osama bin Laden, you might find malware instead. This week the FBI warned computer users to be especially careful of emails that claim to show photos or videos of bin Laden’s death.
Cybercriminals are quick to put up fraudulent websites that people will find when they’re searching for popular news topics. These sites often contain fake security software that tries to trick you into downloading malware by making you think that your security is at risk.
Only click links on websites that you trust. If you’re on a news website and you see a pop-up window that advertises security software, do not click it. Computerworld reports that these risks apply to people who use either the Windows or the Mac operating system.
Here are two free ways to help protect yourself:
I am my mother’s tech support person. As the only employee of Microsoft in our family, the role naturally fell to me.
Even if you don’t work in the technology sector, I’ll bet that many of you are also charged with keeping your mom’s computer safe from malware and keeping her personal information out of the hands of cybercriminals.
In honor of Mother’s Day, here are five important gifts you can give your mom to help her secure her computer. (Hint: These work for dads too!)
1. Make sure your mom has automatic updating turned on. When regular or unscheduled updates are ready to download, she doesn’t have to think about it.
2. Make sure your mom has a firewall and that she keeps it turned on.
3. Scan your mom’s computer with the new Microsoft Safety Scanner and remove any malicious software that she might already have on her computer.
4. Install antivirus software from a trusted source and make sure it updates itself automatically. We recommend Microsoft Security Essentials.
5. Show your mom some examples of popular scams and warn her not to open spam email messages, not to click links on suspicious websites or in pop-up windows, especially when they claim to sell antivirus software.
If your mom is at all interested in learning how to do this herself (mine isn’t), don’t forget to sign her up for our security newsletter.