
DDoS Still a Mask for Scareware and Other Malicious Tools

On August 6, 2009, one of the world’s most promising social networks, built on 140-character pieces of conversation, announcements, requests for help and more, was hit by distributed denial of service attacks. It was a happy day, as their CEO announced on their blog, until customers and users were suddenly unable to keep up their rewarding interactions for business, fame and friendship. On that same Thursday, not only Twitter was affected but also Facebook, LiveJournal and several Google sites, online banks and credit card payment gateways. The DDoS seemed to be released along with the launch of a new Koobface malware run. Its innocent hosts were Twitter messages from a distribution vector for fake security software, also known as scareware.

What is scareware? It is one of many Internet scams. The tactic displays messages on the screen of any device stating that it is under attack. Scareware is good at passing itself off as the perfect anti-virus response. The multi-million dollar scam business uses fake versions of commonly seen virus alerts and of Windows, Apple or other operating system messages. They look genuine.

Some examples of scareware are SpySheriff, AdwarePunisher, Total Secure 2009, XP Antivirus 2009, Anti-Virus 2013, and the Blue Screen of Death. The last one exploits vulnerabilities in the NetBIOS handler of some Windows systems. Technically, a “give and take” occurs between the CIFS (Common Internet File System) Browser Protocol and NetBIOS (Network Basic Input/Output System), which is standard in Windows 95, 98, NT, and 2000. The vulnerability enables remote hackers to change the dynamic NetBIOS name cache entries through a spoofed Browse Frame Request, because there are still millions of machines accessing the Internet that predate XP, Vista, and other newer Windows machines. The machines most vulnerable are those that have not been patched since 2009, when scareware first became a popular online attack tool.

In everyday language, scareware can do scary things such as suddenly adding new icons to the standard notification bar, changing a user’s desktop background image, and making a person feel stuck on a website that they can never leave unless they install the software being fraudulently hyped. The fake antivirus or cyber security software (scareware) insists that it is a valid and reliable solution and will remove the infection if the user will just pay $29.95. It can take complete control of what will become an affected system. It can install malicious programs. It can see, change, and delete any information on the infected machine, no matter how private and confidential.

Though many elements must be in place for someone to become a victim of scareware, Internet users deserve to become knowledgeable so that all can take the necessary precautions. Where there is DDoS (distributed denial of service), there is very likely a matching scam for money and/or power. DDoS is often just a mask for something worse. DDoS defense and mitigation start with readiness. Contact us at BlockDos to work out the perfect plan to be prepared.