Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Links to the rogue sites are located not in search results, but advertisements that appear to the right of search results on Google. Patrik Runald, chief security adviser at F-Secure, said he discovered this last week when he was doing a Google search for his company. “I was just doing a search for F-Secure and saw a suspicious ad on the right hand side, and found it lead to a fake security product,” Runald said.Runald alerted Google and they took down the malicious ad promptly, he said. But afterwards, he started searching for other security firms and products and found malicious ads appearing on searches for Norton, McAfee, and Trend Micro as well.Runald said many of the ads are extremely similar regardless of what security companies a user searches for. The ads say “free AV,” “free anti-spyware,” or “clean up your PC.”“I have only spent two hours checking and have been able to find five to 10 tools that are all fake,” Runald said. If a user downloads the products -- which have been called “Error Repair Tool” and “RegFix Pro” -- it will say a user's PC has a number of “errors” or “problems,” and will then ask the user to fork over US$39.95 for the product. Craig Schmugar, threat researcher at McAfee, said that there is more research to be done on this threat, but based on what he has seen these are not fake anti-virus products. The difference is that fake AV products pretend to scan a user's system and find fake viruses and cause a number of problems, whereas this rogue software is based on some limited, if misleading, truth.When this program scans a users system it will find a number of “problems” that are not really severe. For example, when a user deletes a program, but does not delete the icon for the program on their desktop, the program will find the icon as one of the “problems” that needs to be cleaned. In reality, the icon leads nowhere, but it's likely not causing any problems by being there, Schmugar said.“The problems that they are finding are not critical errors and aren't causing any problems with the operating system running properly,” Schmugar said.He added that the program is very aggressive in the way that it reports the errors it's finding. Schmugar said software is kind of in a gray area -- he wouldn't call it malicious, but rather, “buggy.” A Google spokesman told SCMagazineUS.com in an email that though these sites are not necessarily serving malware, they are in violation of Google's policy. "We actively work to detect and remove sites that serve malware in our ad network, and we immediately suspend accounts found to contain ads that point to sites that install malware," the spokesman said. "That said, I'm not sure that this is strictly malware because my understanding of the site is that it gives users who download the program false positives to get them to send their money. Per our AdWords Content Policy, advertising is not permitted for sites that make false claims."See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.