McAfee Notes Spread of Bogus Security Software

McAfee warns of an increase in malware posing as legitimate security software in its bi-annual Security Threat journal report. McAfee also noted a jump in Trojans using social engineering techniques to spread, and reveals evidence that is the most popular domain for typosquatting.

Think it's safe to download a patch from your e-mail? Not so fast.

According to a new report by McAfee, cyber-criminals are increasingly capitalizing on users looking to protect their PCs with the latest updates. In its bi-annual Security Journal threat report, McAfee noted a jump in the amount of malicious software posing as applications from security vendors.

Almost on cue, news of a Trojan masquerading as a Microsoft update has been made public. The Trojan, identified by Sophos as Mal/EncPk-CZ, is being spread via e-mails with the subject line "Security Update for OS Microsoft Windows." The e-mails come on the eve of Patch Tuesday, Microsoft's monthly security update. Users should be aware, however, that Microsoft never delivers its patches through e-mail attachments.

In other cases, cyber-criminals use pop-up ads to tell users their computers are infected and then offer to clean the user's machine. But when the user downloads the file, they don't get increased protection - only malware.

All this is part of an ongoing trend to ensnare victims using social engineering. According to McAfee, the number of Trojans using social engineering techniques has increased 150 percent since 2006. The scams often rely on current news and events, such as the Olympics and the U.S. presidential election.

"Cyber-criminals are crafting attacks that are virtually impossible for computer users to identify," said Jeff Green, senior vice president, McAfee Avert Labs, in a statement. "Phishing scams, e-mail attacks, Trojan horses and other attacks are so personalized that even someone with the most watchful eye could fall for a carefully socially engineered trap."

But traps come in all shapes and sizes, and typosquatting remains a tried and true method to get users to visit rogue Web sites that can be loaded with malware. According to McAfee, some of the most popular domains for typosquatting are and In the report, McAfee officials reveal they found 742 typosquatting domains for Some 320 typosquatting domains were found for YouTube.

"No matter where you live or what language you speak, cyber-crooks will exploit basic human nature, zeroing in on emotions of fear, curiosity, greed and sympathy," said Green. "Criminals understand human weaknesses and will increasingly use the power of the Internet to exploit those weaknesses. It's an easy way for cyber-crooks to make money and for spies to steal sensitive data."