Fake AV Driving Adware Boom

By Matthew Hines  |  Posted 2008-10-06

Adware volume jumped during Q3 of 2008, driven largely via the use of schemes involving fake anti-virus programs, security researchers report.

According to PandaLabs' Q3 Quarterly Report, over 31 percent of the malicious programs tracked by the company between July 1 and September 30 '08 were adware applications that attempt to load themselves onto end users' computers without receiving proper permission to do so.

As a result, Panda estimates that adware programs also accounted for a greater number of malware infections during the third quarter than any other type of attack, accounting for 37.49 percent of all contaminations it monitored during the timeframe.

The rise in adware programs represented a 10 percent climb over Q2 2008, when they accounted for only one-fifth of all the malicious programs that PandaLabs tracked.

As awareness of the malware epidemic has grown in the mainstream, attackers have increasingly attempted to leverage heightened sensitivity to classic threat models against unsuspecting end users via the adoption of fake AV programs.

Advertised as free applications useful for helping people find malware that has already infected their machines, the phony AV files typically instead load various types of threats onto their computers.

Once installed, many of the fake AV threats also ask users to pay for a more comprehensive version of their software to help clean infections from the machines, therein luring people to hand over their credit card data and personal information directly to attackers.

Even with the jump in adware attacks, PandaLabs reported that Trojan threats continue to dominate the quarterly malware standings, accounting for almost 60 percent of all samples that the company observed between July and September.

The time-honored worm (4.53 percent) and spyware (2.93 percent) models also remain in the mix, although obviously in far smaller proportions.

Trojans (28.7 percent) and worms (11.56 percent) ranked in second and third place, respectively, in terms of the infections that PandaLabs tracked during Q3.

In the world of spam, the company reported a noticeable increase in the sheer variety of techniques it saw during the quarter, with a particularly sizeable gain in the volume of campaigns disguised as e-mail non-delivery reports (NDRs).

PandaLabs researchers said, though, that some of the growth may in fact be related to a large number of poorly configured mail servers rather than to a major rise in use of the model by phishers and badware brokers.

However, the technique is proving useful for actual spammers since many filtering technologies do not seek to block messages bearing NDR subject lines, the company said.

"This technique is used by cyber-crooks to bypass anti-spam systems, as junk mail will be delivered if it is in someone's list of contacts," Luis Corrons, technical director of PandaLabs, said in a report summary.

PandaLabs predicts that as a result of the higher delivery rate of NDR-based spam, schemers will utilize the technique more frequently going forward.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.
