Several computer security companies track and report trends in Internet and personal computer security. One such group is VIPRE. In its February 2012 report it describes a resurgence of rogue antivirus software infections spreading across the Internet.
According to this VIPRE report, many of these infections arrive when a user clicks a link in spam that appears to come from someone they already know. Somehow the attackers have gained access to an address book. We have covered this previously on this blog. Out of laziness, many people reuse the same email address and password combination, typically with a password that is a real word or name. Such names are often harvested from social media posts that reveal something about the person behind the email address.
As mentioned in an article on this at Help Net Security:
“While the velocity at which rogues were successfully propagating may have slowed toward the end of last year, they are certainly back now, and they remain a popular tactic among cybercriminals,” said Christopher Boyd, senior threat researcher at GFI Software.
“Users should not let their guard down. As always – no matter how convincing they look – always take the time to evaluate any piece of software that claims your PC is infected, prompts you for a credit card number or asks you to share any sensitive data, especially if it’s software that you or your employer did not install.”
Many rogue AV programs are being distributed via spam containing malicious links to the Blackhole exploit, a tool used by cybercriminals to target unpatched vulnerabilities in software applications from industry leaders like Microsoft and Adobe.
Users infected by rogue AV may be redirected to fraudulent websites, have their systems hijacked by software appearing to scan their PCs or be plagued by messages warning of viruses and other PC security risks. These scareware tactics trick users into providing credit card data to purchase non-existent protection.
Rogue AV utilities are continually tweaked in an attempt to avoid detection, with newer variants of these malicious applications propagating every 12 to 24 hours.
Read the entire article here.
As indicated by the section above, these infections stem from a failure to update both Microsoft operating systems (via Automatic Updates) and Adobe products (such as the free PDF reader, Adobe Reader, and Flash Player). Please follow these links and update them immediately.
Be careful as well that your workstations and servers do not have more than one brand of PDF reader installed. This includes machines that have Adobe Acrobat Standard or Adobe Acrobat Professional and, for whatever reason, the free Adobe Reader as well. Technical support staff sometimes insist that users download the latest version of Reader regardless of Adobe Professional already being on the machine.
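One way to audit a Windows machine for the two points above, out-of-date Adobe components and more than one PDF reader, is to read the installed-program entries from the registry. This is an added example, not code from the original post or from VIPRE; the minimum version values are placeholders to be replaced with the versions from the current Adobe security bulletin.

```powershell
# Added example (not from the original post): inventory Adobe products from the
# Windows uninstall registry keys, flag builds below an assumed minimum version,
# and flag machines that carry more than one PDF reader.

# Placeholder minimums (assumption): fill in from the current Adobe bulletin.
$MinimumVersions = @{
    'Adobe Flash Player' = [version]'0.0.0.0'   # placeholder, not a real patch level
    'Adobe Reader'       = [version]'0.0.0.0'   # placeholder, not a real patch level
}

# Uninstall entries for 64-bit and 32-bit (WOW6432Node) applications
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher

# 1. Compare each Adobe product's version against the configured minimum
foreach ($app in ($installed | Where-Object { $_.DisplayName -like 'Adobe*' })) {
    $parsed = $null
    if (-not [version]::TryParse([string]$app.DisplayVersion, [ref]$parsed)) { continue }
    foreach ($name in $MinimumVersions.Keys) {
        if ($app.DisplayName -like "$name*" -and $parsed -lt $MinimumVersions[$name]) {
            Write-Warning "$($app.DisplayName) $parsed is below minimum $($MinimumVersions[$name])"
        }
    }
}

# 2. More than one PDF reader (e.g. Acrobat plus the free Reader, or a second
#    brand) means two products to keep patched and two sets of plug-ins exposed.
$pdfReaders = $installed | Where-Object { $_.DisplayName -match 'Acrobat|Adobe Reader|PDF' }
if (($pdfReaders | Measure-Object).Count -gt 1) {
    Write-Warning 'More than one PDF reader is installed:'
    $pdfReaders | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session on each workstation or server; the warnings list what needs updating or removing.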
Check out the recent PC World article on Adobe's out-of-cycle update patching one of the most recent releases of Flash. Details from that article explain:
The vulnerable software version is 184.108.40.206 and earlier for Windows, Mac, Linux and Solaris operating systems, which should be updated to version 220.127.116.11.
Adobe advised that some users may not be able to upgrade to the 18.104.22.168 version. Those users should download a patched version of Flash 10.x, which is version number 10.3.183.16.