INDIANAPOLIS – Fortinet has announced that two rogue security applications, AntiVirus XP 2008 and XP Security Center, have claimed the top two positions in Fortinet’s Top 10 most reported threats for August 2008 with nearly 20 per cent of the month’s activities.

“They try to entice users that they are legitimate security applications like virus scanners and spyware scanners but in fact it is a social engineering tactic and they are not functional whatsoever,” said Derek Manky, security researcher for Fortinet.

He added that both of these rogue security applications look professional and when a user clicks on either AntiVirus XP 2008 or XP Security Center, they will show a progress bar as if it is scanning their computer for viruses or spyware.

“The end result is these scans are informing users that they have hundreds of these infections, malicious files on their computer. But because this is a fake, these files don’t exist on the system and it becomes a tactic to scare users,” said Manky.

The revenue model for AntiVirus XP 2008 and XP Security Center is to use scare tactics to drive people to a website that tries to get them to buy a solution that will clean out these fake infections. Prices range from $49.95 to $59.99 a month.

While these rogue applications aren’t planting malicious code during the scanning process, they are connecting to a remote server, which means they can accept commands and change behavior at any point in time.

AntiVirus XP 2008, or W32/Multidr.JD, was especially prolific, with a one-day attack in late August that dislodged the mass mailer Netsky from its persistent number one position. Attacks from AntiVirus XP 2008 came through as an e-mail offering free updates for the Windows OS.

XP Security Center, or HTML/Agent.HFZ!phish, arrived in users’ in-boxes as a purported UPS e-mail with the rogue XP Security Center attached, claiming to be an important document. Manky said the attachments would often disguise themselves using the Microsoft Word or Excel icon to trick users into thinking they were legitimate documents, when in fact they were executable files.

Manky said that because Fortinet is still seeing heavy activity from these rogue applications, he expects them to remain in the top 10 most reported threats next month.

“The concept isn’t new but the alarming thing is how active and aggressive it has been,” he noted.

When it comes to these applications, Manky said users should be aware of the tricks they use, do research before investing in a security solution and only use the trusted players in the industry. As well, he added that users should be careful when icons appear to be Office attachments.

Other malware trends observed during this period include Virut.A, a virus that infects executable files, which refuses to back down and has remained in the top five for seven consecutive months; the Mytob and Pushdo mass mailers, which slid out of the top 10 but remain relevant; and Iframe traffic redirectors, which remain strong, moving up one position to sixth place from the July edition of this report.

This column was written by Vanessa Ho of ConnectIT, an IntegratedMarCompany
