A report by Google released May 3, analyzed 240 million Web pages and uncovered more than 11,000 domains involved in fake antivirus distribution. That accounts for about 15 percent of all malware (malicious or harmful programs).
The 13-month study conducted between January 2009 and February 2010 is part of Google's efforts towards "Safe Browsing technology" and it shows that scammers are increasingly turning to social engineering to distribute malware rather than exploiting holes in software.
Many experts claim that the more "are you sure" and "are you really, really sure" messages that are presented to users (a big complaint about Windows Vista) the more the user grows accustomed to casually clicking proceed. Instead of causing the user to think twice or read the message, it trains users to think less and click more.
This increase could also be a consequence of protection software getting stricter and vulnerabilities being patched by software makers more quickly. It is reasonable to assume that if cyber-attackers cannot find a breach in the "security fence" then the next logical step is to get let in the front door by simply convincing the user to open up.
This kind of social engineering is nothing new. It can take on many forms aside from fake anti-virus. Take phishing scams for instance. Most of us have received an email at some point making unfounded claims, promising large rewards or attempting to look like it's from our bank. Sometimes the poor wording, or suspicious from-address can give it away, but a well composed look-alike can often fool the best of us.
As always, if you don't scrutinize every claim, you could likely get fooled. It's no fun to get ripped off, but you'll feel even worse afterwards if you realize you basically handed over your money, credit card or password to a scammer.
0 comments
Post a Comment