McAfee warns of an increase in malware posing as legitimate security software in its bi-annual Security Threat journal report. McAfee also noted a jump in Trojans using social engineering techniques to spread, and reveals evidence that freecreditreport.com is the most popular domain for typosquatting.
Think it's safe to download a patch from your e-mail? Not so fast.
According to a new report by McAfee
cyber-criminals are increasingly capitalizing on users looking to
protect their PCs with the latest updates. In its bi-annual Security
Journal threat report, McAfee noted a jump in the amount of malicious
software posing as applications from security vendors.
Almost on cue, news of a Trojan masquerading as a Microsoft update
has been made public. The Trojan, identified by Sophos as Mal/EncPk-CZ,
is being spread via e-mails with the subject line "Security Update for
OS Microsoft Windows." The e-mails come on the eve of Patch Tuesday,
Microsoft's monthly security update. Users should be aware, however,
that Microsoft never delivers its patches through e-mail attachments.
In other cases, cyber-criminals use pop-up ads to tell users their
computers are infected and then offer to clean the
user's machine. But when the user downloads the file, they don't
get increased protection - only malware.
All this is part of an ongoing trend to ensnare victims using social
engineering. According to McAfee, the number of Trojans using social
engineering techniques has increased 150 percent since 2006. The scams
often rely on current news and events, such as the Olympics and the U.S. presidential election
"Cyber-criminals are crafting attacks that are virtually impossible
for computer users to identify," said Jeff Green, senior vice
president, McAfee Avert Labs, in a statement. "Phishing scams, e-mail
attacks, Trojan horses and other attacks are so personalized that even
someone with the most watchful eye could fall for a carefully socially
But traps come in all shapes and sizes, and typosquatting remains a
tried and true method to get users to visit rogue Web sites
that can be loaded with malware. According to McAfee, some of the
most popular domains for typosquatting are freecreditreport.com and
YouTube.com. In the report, McAfee officials reveal they found 742
typosquatting domains for freecreditreport.com. Some 320 typosquatting
domains were found for YouTube.
"No matter where you live or what language you speak, cyber-crooks
will exploit basic human nature, zeroing in on emotions of fear,
curiosity, greed and sympathy," said Green. "Criminals understand human
weaknesses and will increasingly use the power of the Internet to
exploit those weaknesses. It's an easy way for cyber-crooks to make
money and for spies to steal sensitive data."