Fake antivirus products spark adware surge

Adware increased more than any other type of malware during the third quarter of the year, accounting for about 31% of all new malware that appeared in that quarter, an increase of almost 10% from the previous three months.

According to a PandaLabs report, the reason for this surge is the increase in fake antivirus products used to trick users, infect computers and, ultimately, defraud the victims.
"Fake antivirus products, when run, appear to carry out a scan of the computer and inevitably detect a series of infections which are actually completely false," says Jeremy Matthews, head of Panda Security's sub-Saharan operations. "The applications claim that in order to 'disinfect' the computer, users must buy the pay-version of the antivirus.
"If users fall for this ruse, they will be paying to remove malware which never really existed. The objective of cyber-crooks is, as in most cases, to profit financially."
Despite this growth in adware, there were more Trojans than any other category of malware, accounting for almost 60% of all malware samples that appeared between July and September. Worms (4.53%) and spyware (2.93%) were the other most prevalent categories.
Adware, however, was responsible for more infections than any other type of malware, accounting for 37.49% of all infections recorded by PandaLabs. Trojans (28.7%) and worms (11.56%) were in second and third place respectively.
The last few months have also witnessed a notable rise in a new type of spam technique: NDRs. An NDR (Non Delivery Report) is an email automatically sent by mail systems to inform senders of problems delivering their messages.
NDRs are therefore not (at point of origin) spam, but legitimate emails usually delivered by badly configured mail servers. At present, leading anti-spam companies do not define spam by its content; instead they regard spam as "unsolicited emails sent on a massive scale". NDRs are regarded as solicited mail, as in theory they respond to an email sent by the victim. As a consequence, the anti-spam techniques used up until now are not effective against these types of messages.
Moreover, the actual amount of spam distributed is doubled: when a user receives an NDR for an email he hasn't sent, it means that somebody is sending spam using his email address. This is achieved by stealing legitimate email addresses using malware, or buying them on forums, and using them as the sender through an SMTP service.
The target mail server does not verify whether the sender's address is legitimate and only ensures that the target address exists. If it does exist, it will receive the spam, and if it doesn't, the real owner of the sender's address will receive junk mail in the form of an NDR.
"This technique is used by cyber-crooks to bypass anti-spam systems, as junk mail will be delivered if it is in someone's list of contacts," says Matthews.
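
One way a receiving mail system can tell a genuine NDR from the forged-sender kind described above is to check whether the message being returned is one it actually sent. The following is an added example, not code from the article or from PandaLabs; it assumes the mail system keeps a log of outbound Message-IDs, and the function names, addresses and sample NDR are constructed for illustration.

```python
import email
from email import policy

def make_ndr(orig_id, rcpt):
    """Constructed sample NDR in multipart/report layout (not real traffic)."""
    return (
        "From: MAILER-DAEMON@mx.example.net\r\nTo: alice@example.org\r\n"
        "Subject: Undelivered Mail Returned to Sender\r\nMIME-Version: 1.0\r\n"
        "Content-Type: multipart/report; report-type=delivery-status;"
        ' boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nDelivery failed.\r\n\r\n"
        "--b1\r\nContent-Type: message/delivery-status\r\n\r\n"
        "Reporting-MTA: dns; mx.example.net\r\n\r\n"
        f"Final-Recipient: rfc822; {rcpt}\r\nAction: failed\r\nStatus: 5.1.1\r\n\r\n"
        "--b1\r\nContent-Type: text/rfc822-headers\r\n\r\n"
        f"From: alice@example.org\r\nTo: {rcpt}\r\nMessage-ID: {orig_id}\r\n\r\n"
        "--b1--\r\n"
    )

def original_message_id(msg):
    """Message-ID of the message the NDR says it is returning, or None."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":    # only the headers were returned
            returned = email.message_from_string(part.get_content(),
                                                 policy=policy.default)
        elif ctype == "message/rfc822":       # the whole message was returned
            returned = part.get_payload(0)
        else:
            continue
        mid = returned.get("Message-ID")
        return str(mid).strip() if mid else None
    return None

def classify_ndr(raw, sent_ids):
    """Return 'not-ndr', 'genuine' or 'backscatter' for one inbound message."""
    msg = email.message_from_string(raw, policy=policy.default)
    report_type = (msg.get_param("report-type") or "").lower()
    if msg.get_content_type() != "multipart/report" or report_type != "delivery-status":
        return "not-ndr"
    # Genuine only if the returned message is one this system actually sent;
    # an NDR that returns no Message-ID cannot be matched and is not trusted.
    return "genuine" if original_message_id(msg) in sent_ids else "backscatter"

if __name__ == "__main__":
    sent = {"<a1@mail.example.org>"}  # constructed outbound Message-ID log
    for mid in ("<a1@mail.example.org>", "<x9@forged.invalid>"):
        print(mid, classify_ndr(make_ndr(mid, "bob@example.com"), sent))
```
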