It’s a common, somewhat frightening and potentially expensive experience: A user is on a Web site when a sudden pop-up alerts him that his computer is or may be infected with viruses and drives him to a site selling antivirus software.
A user may react by closing the pop-up and hoping it doesn’t happen again, or he or she may purchase the advertised software, as inadvisable as this might be. According to computer security firm Finjan, this practice, known as “scareware,” can net its practitioners as much as $10,000 a day. It’s not surprising, then, that this is a growing industry; a report released this past March by the Anti-Phishing Working Group found 9,287 bogus anti-malware programs in circulation in December 2008, a 225 percent rise from the beginning of the year.
“The reason people are falling victim to these types of fake antivirus products or alerts is because they don’t know what is good and bad,” said Melih Abdulhayoglu, CEO and chief security architect of computer security provider Comodo. “You have no means to verify that. In the real world, when you go to Home Depot [and] you buy a $5 padlock, even [that] comes with a standard, yet something as important as your desktop security has no standards whatsoever. That lends itself to people defrauding end-users by giving them any old rubbish — effectively giving them malware pretending to be an antivirus product.”
To address this, a new forum of security vendors has been established: the Common Computing…
Please log in or subscribe to read this article