Here at SecurityWatch, we often talk about malware that masquerades as legitimate software in order to trick users into downloading and installing rogue programs. Users need to remember two important tips in order to steer clear of these malicious applications.
Install from Authorized Sources
Cyber-criminals
behind these scams rely on users downloading software from unauthorized
sources to push their fake products. On Tuesday, Trend Micro researchers
reported a banking Trojan that passed itself off as an installation
file for Google Chrome to Brazillian and Peruvian users. Even though the
fake installer had the same name as the legitimate file
(ChromeSetup.exe), users should have been leery of the fact that the
files appeared to be hosted on sites such as Facebook and MSN.
Many users often get hit with rogue software when they try to get
pirated versions of software. This isn't a discussion on whether or not
you should download pirated software, but it seems pointless to try to
download free software (such as Chrome) from alternative sources.
Remember the recent furor over the Flashback Trojan that infected Macs?
Flashback got its name because it pretended to be an update file for
Adobe Flash. If you need Flash, take the time to go to Adobe.com and
download from there directly.
"Use caution when you click links in email or on social networking
websites," recommended Tim Rains, director of Trustworthy Computing at
Microsoft on the Microsoft Security blog.
However, one of the links identified by Trend Micro happened to be a
Google Brazil address. While Net-savvy users may be aware that large
companies such as Google are unlikely to link directly to an executable
file, this is very tricky. Here is where tip number two comes in. Have a
firewall and security software running.
No, Really. Stick to Legit Sources
There is a
lot of discussion in security circles over the value of anti-malware
tools, especially since many malware writers test their code to bypass
major scanners. While there are malicious software that can slip through
at the beginning of an outbreak, not having security software in place
is akin to leaving the door open in a house and being surprised the
burglars came in. Most security software nowadays have several layers of
protection to detect and trap unknown variants. PCMag.com has a lot of
reviews, for instance, Norton 360 Everywhere, Webroot SecureAnywhere Complete, and Bitdefender Total Security 2012.
"Install antivirus from a company that you know and trust, and keep it up to date," wrote Rains.
It's not just security software that needs to be kept up-to-date.
Operating system and other commonly used software, such as Flash,
Reader, Java, Microsoft Office, Web browsers, among others, should be
regularly updated. "Use automatic updating to keep your operating system
and software up to date," Rains added.
Many companies are moving towards automatic updates. Turn it on, or run the install from within the application to avoid getting caught by fake update warnings.
Going back to the first point, the security software should come from
legitimate sources, as well. Researchers at GFI Software last week
identified a Twitter campaign promoting antivirus applications. The
problem was, these "must-see" tools were actually scareware.
Unsuspecting users who clicked on these links wound up downloading and
installing fake antivirus which claimed to find tons of issues with the
computer. Some of these links actually directed users to sites
boobytrapped with the Blackhole exploit kit to download additional
malware before recommending that users download "Windows Antivirus
Patch" to remove the infection, GFI warned. The catch in this and other
scareware scams, is that the user ponies up (often for $79) for a paid
version that does nothing.
Cyber-criminals are crafty and are always working on ways to trick
users into downloading their applications. Don't make it so easy for
them.