Fake scareware av-scanner "hacks" into Microsoft.com

Hi malware fighters,

Researchers at av-solution Sunbelt have found a new social engineering attack in which it seems that Microsoft is offering fake av-scanners. To get victims to pay for the DefenceLab scareware, the malcode redirects users to a real MS page. The scareware injects HTML code in real time into the locally shown Microsoft.com page, to fake Microsoft suggesting the use of DefenceLab. According to AVG’s Roger Thompson this is a very clever social engineering trick that will claim a lot of victims.

The av-solution developer warns that the Microsoft website can be abused in other ways. Where the Antivirus System PRO scareware is concerned, the HOSTS file is altered so that all requests to Microsoft.com land on a page where one can buy the fake av-solution. A less slick attack than the one discovered by Sunbelt, but both attack vectors show the “baddies” can be as sly as they come. “Who would ever have thought they would ever alter HTML code and would mess with URLs like Microsoft.com? Well, they do now.”

Links: http://sunbeltblog.blogspot.com/2009/12/new-social-engineering-technique-use.html
http://thompson.blog.avg.com/2009/12/microsoft-hack.html

polonus
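
An added example, not part of the original post or of Sunbelt's or AVG's write-ups: a small check for the HOSTS file tampering described above. It flags any hosts entry that overrides a watched vendor domain. The watch list and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Domains a clean hosts file has no reason to override (assumed watch list).
WATCHED = ("microsoft.com", "windowsupdate.com")

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip, reason) for each suspicious hosts entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split into fields
        if len(entry) < 2:
            continue                            # blank line or incomplete entry
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an address
        for name in entry[1:]:                  # one line may map several names
            host = name.lower().rstrip(".")
            if not any(host == d or host.endswith("." + d) for d in watched):
                continue
            # Loopback/unspecified targets block the site; any other address redirects it.
            blocked = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, host, str(ip), "blocked" if blocked else "redirected"))
    return findings

# Constructed sample, not taken from a real infection; addresses are documentation ranges.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    microsoft.com www.Microsoft.com.   # constructed rogue entry
198.51.100.7    example.org
0.0.0.0         update.microsoft.com
#192.0.2.1      microsoft.com
"""

if __name__ == "__main__":
    for line_no, host, ip, reason in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % (line_no, host, ip, reason))
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts. A "redirected" hit on a vendor domain matches the behaviour described for Antivirus System PRO; a "blocked" hit is the related trick of cutting a machine off from updates.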

Okay, all I need to do to be totally protected from this type of attack is to simply unplug my PC and cart it off to the curbside. Great, I am in luck: garbage collection happens to be tomorrow. This is getting ridiculous. Don’t these butt heads have anything better to do? polonus, nice heads-up by the way.