Rouge Pest Invade the Spyware Space

Finjan Inc. has announced the findings from its latest Web Security Trends Report, as published by Finjan's Malicious Code Research Centre (MCRC). The web threats heading the list are Rogue Anti-Spyware, Ransomware and Rootkits, all of which pose a real danger to Internet users.

Rogue Anti-Spyware Program in Security Portal
Rogue anti-spyware programs encourage people to download the program to rid their computers of malware. Users, under the impression that their computers are being scanned and cleaned, are in fact infecting their machines with spyware or adware. The application claims that it removes unwanted malicious programs and even scans a user's machine and finds existing spyware. Users are then directed to a website that pushes them to purchase a full version of the anti-spyware software. Users are offered an option for a free download, however when the user wishes to clean his/her system from the found malware, he/she has to purchase the full version of the program even though their computer was never really infected.

Ransomware
In a recent case, a ransom was demanded by hackers who managed to install Spyware (Called CryZip) on the victim's computer. The spyware takes personal files hostage until a ransom is paid ($300 was requested). The spyware uses archive software (like Zip) and creates a password protected archive which includes the victim’s personal files. The Spyware leaves a text message on a victim’s machine explaining what was done and warns the victim not to approach the police and just pay the ransom. The victim gets the password to the archived files only after the ransom is paid.

Rootkits
Another emerging trend is the use of Rootkits. A Rootkit can be used by attackers after gaining control of the victim’s computer. These tools hide the existence of running processes, files, directories, registry keys and other system objects from detection by host-based security software, as well as hiding the attacker’s presence on the victim's computer. A Rootkit helps the attacker to maintain access to the victim’s machine without the victim’s knowledge.

There are two types of Rootkits: User-Mode Rootkits and Kernel-Mode Rootkits.
- User-Mode Rootkits manipulate critical components of the victim machine’s operating system. The attacker can use a Trojan horse program which is disguised to look like Operating System programs (with hidden capabilities) and thereby gain full control over the victim’s machine.
- Kernel-Mode Rootkits manipulate function calls, and are hard to detect using Anti-Virus/Anti-Spyware applications.

"Our Security Centre is dedicated to the research and detection of web threats, and we monitor cybercrime as it’s happening - 24x7x365 around the world," said Yuval Ben-Itzhak, CTO of Finjan. "Our goal is to stay steps ahead of hackers attempting to exploit computer platforms and technologies, in order to protect our customers from the next malware to be developed. In the course of our work, we collect a wealth of information that is invaluable not only to our customers, but also to the wider IT security community. The Web Security Trends Report is our vehicle for making that critically important information immediately and continuously available."

Article Source: http://www.articles.ask-me-about.com

Dwight Brown writes about Spyware on his Blog www.adware--spyware--remover.com/