Crooks trying out new tactics to spread fake AVre

  • 20 August 2014
  • 0 replies
  • 669 views

Userlevel 7
By: HNS Staff/ Posted on 20.08.2014
 
Infection numbers of well-established fake AV families have reached the lowest level in years, and Microsoft researchers believe the drop is the result of the antimalware industry's efforts and greater user awareness.

As vacuums usually tend to get filled again pretty soon, other malicious players have tried to step in. Case in point: the Defru rogue AV.

Defru's modus operandi is simple. It modifies Windows' hosts file - the file that tells the PC what webpage to go to when the user types a URL into the Internet browser - to redirect users to a malicious website that sports a fake infection warning:


http://www.net-security.org/images/articles/winsec-20082014.jpg
This redirection happens if the user wants to visit one of the 300+ websites that include those of popular AV vendors, security forums, news sites, online services, social networks and search engines.

 
Help Net Security/ Full Article Here/ http://www.net-security.org/malware_news.php?id=2847

0 replies

Be the first to reply!

Reply