KrebsOnSecurity.com: The presence of rogue anti-virus products, also known as scareware, on a Microsoft Windows computer is often just the most visible symptom of a more serious and insidious system-wide infection. To understand why, it helps to take a peek inside some of the more popular rogue anti-virus distribution networks that are paying people to peddle scareware alongside far more invasive threats. ... Distributors or “affiliates” who sign up with avprofit.com, for example, are given access to an installer program that downloads not only rogue anti-virus but also ZeuS, a stealthy piece of malware that specializes in mining online banking credentials from infected PCs. ZeuS is the very piece of malware directly responsible for helping thieves steal tens of millions of dollars from small to mid-sized businesses over the past year. ... Avprofit says it will pay affiliates roughly $1,000 for every 1,000 times they distribute this installer program, or about $1 per install. Typically, affiliates will embed these installers at porn sites or bundle them with programs seeded on peer-to-peer file-sharing services. The nightmare for the victim starts when he or she responds to the fake anti-virus pop-up warning of supposed threats resident on the victim’s PC, by agreeing to download and run a scanning tool.
Read more at KrebsOnSecurity.com ...
Citadel Information Group
Information Security Management for Business and the Not-for-Profit Community
www.citadel-information.com
Delivering Information Peace of Mind ®
www.citadel-information.com
Delivering Information Peace of Mind ®
Posts
Search This Blog
Index of Topics
- Business at risk (115)
- Citadel in the news (7)
- Citadel Information Security Guides (8)
- Citadel: Guide to Blog (1)
- Citadel: Thinking about Security (10)
- Cloud Security (2)
- Consumers at risk (13)
- Credit card fraud (14)
- Culture Change (1)
- Financial systems security (67)
- Healthcare (7)
- Identity theft (30)
- Insurance (1)
- Internet badlands (113)
- ISSA-LA (2)
- Law Firms (2)
- Legal (23)
- Miscellany (6)
- national security (46)
- Not-for-Profit (5)
- Privacy (27)
- Ray of Sunshine (15)
- School security (3)
- Security Alert: Vulnerability Management (74)
- Security management (24)
- Security Research (5)
- Security Surveys (13)
- Social Engineering (1)
- Social networks (13)
Blog Archive
-
►
2011
(2)
- ► January 2011 (2)
-
▼
2010
(237)
- ► December 2010 (6)
- ► November 2010 (9)
- ► October 2010 (7)
- ► September 2010 (8)
- ► August 2010 (13)
- ► April 2010 (39)
-
▼
March 2010
(65)
- Spam Site Registrations Flee China for Russia
- More C-Level Involvement Needed in Cybersecurity, ...
- Separating April Fools’ From Fraud on the Web
- Online Thieves Take $205,000 Bite Out of Missouri ...
- Technology Coalition Seeks Stronger Privacy Laws
- FBI: Business Can Help Fight Cybercrime by Reporti...
- Apple Fixes More Than 90 Security Vulnerabilities ...
- E-Mails of Activists, Academics and Journalists Ha...
- Microsoft Releases Emergency IE Fix
- Facebook Proposes Changes in Privacy Policy to Sha...
- New Inexpensive "Sniffer" Captures Keystrokes From...
- Would You Have Spotted this ATM Fraud?
- Cybercrime Law Update from Washington
- Cybercriminals Make $$$$$ Peddling Rogue Anti-Viru...
- Riskiest Online Cities: The Emperor Has No Clothes
- More Online Bank Theft Victims
- Banking laws leave business customers vulnerable t...
- How Privacy Vanishes Online
- Paper in China Sets Off Alarms in U.S.
- In Bid to Sway Sales, Cameras Track Shoppers
- Bad BitDefender Antivirus Update Hobbles Windows PCs
- Google patches Chrome days before hacking contest
- Mozilla confirms critical Firefox bug
- Naming and Shaming ‘Bad’ ISPs
- After weeklong fight, rogue ISP Troyak struggles f...
- Measure would force White House, private sector to...
- Closing Down ISPs that Allow Malicious Activity
- Revised Cybersecurity Bill Introduced in Senate
- FCC Broadband Plan Calls For Enhanced Cyber Defenses
- Google Attacks Highlight Growing Problem of Cyber ...
- Texan accused of disabling 100 cars over Internet
- Researchers Map Multi-Network Cybercrime Infrastru...
- The Snitch in Your Pocket
- MSE Users: Check for Updates, Piracy
- eBanking Victim? Take a Number.
- Stopgap IE Fix, Safari Update Available
- Identity theft may be prelude to more serious crime
- FBI: Online Fraud Costs Skyrocketed in 2009
- Apple plugs 16 holes in Safari as Pwn2Own looms
- ZeuS botnet code keeps getting better… for criminals
- Massachusetts Data Security Rules to Have National...
- Zeus botnet temporarily disrupted, but back in ful...
- Crooks Crank Up Volume of E-Banking Attacks
- Dozens of ZeuS Botnets Knocked Offline
- Law Firms slow to awaken to cybersecurity threat
- Security gaps exploited in grade scandal remain, m...
- Verisign: Security Solutions Overwhelming to Consu...
- Monoprice.com Shuttered After Fraud Complaints
- Microsoft Patch Tuesday: Two Bug Fixes, IE Warning
- Cyber Crooks Leave Traditional Bank Robbers in the...
- LifeLock Will Pay $12 Million to Settle Charges by...
- Energizer DUO: Trojan yourself for only $19.99
- Victim Asks Capital One, ‘Who’s in Your Wallet?’
- Fiserv to Banks: Stay on Outdated Adobe Reader
- New Massachusetts Data Privacy Law
- FBI to Private Sector: Cybersecurity Joint Effort
- Yep, There’s a Patch for That
- Regulators Revisit E-Banking Security Guidelines
- Homeland Security Chief Details Cyber Threats
- Criminal investigation opened in grade-changing sc...
- New BlackEnergy Trojan Targeting Russian, Ukrainia...
- RSA panel: No easy solution for Zeus Trojan, banki...
- White House: Comprehensive National Cybersecurity ...
- Information on U.S. website for medical data theft...
- Wyndham computers hacked into again for credit car...
- ► February 2010 (38)
- ► January 2010 (27)
-
►
2009
(83)
- ► December 2009 (17)
- ► November 2009 (7)
- ► October 2009 (9)
- ► September 2009 (22)
- ► August 2009 (17)
- ► February 2009 (1)
Information Security Links
- Citadel Information Group
- Google Online Security Blog
- Information Systems Security Association
- Information Systems Security Association - LA Chapter
- InfraGard - Los Angeles
- Krebs on Security
- Microsoft Malware Protection Center
- MITRE CVE
- NIST Computer Security Resource Center
- Open Web Application Security Project (OWASP)
- Privacy Rights Clearinghouse
- SANS Internet Strom Center
- US CERT
Disclaimer
Citadel provides this blog as a public service to the community. We make no claim or representation that items posted on this blog are correct. We post "Security Alerts" primarily to assist readers manage security vulnerabilities on their personal home computers; these alerts are NOT comprehensive and are not to be relied upon as such.
(c) Copyright 2009-2010. Citadel Information Group. All Rights Reserved.
Permission is given to re-post and re-print blog postings provided that attribution is given to Citadel Information Group, the above copyright is included and the following link to our website is provided: www.citadel-information.com
(c) Copyright 2009-2010. Citadel Information Group. All Rights Reserved.
Permission is given to re-post and re-print blog postings provided that attribution is given to Citadel Information Group, the above copyright is included and the following link to our website is provided: www.citadel-information.com