Scammers embrace McAfee fiasco to pitch fake AV

Poison search results to put links that lead to scareware in front of frustrated users

Scammers have quickly piggybacked onto news of a buggy McAfee antivirus update that clobbered thousands of computers, security researchers said today.

Early Wednesday, McAfee released a flawed signature update that wrongly tagged a crucial system file in Windows XP Service Pack 3 (SP3) as malware. After the software quarantined the "svchost.exe" file, thousands of PCs, most of them in businesses, crashed and rebooted repeatedly.

Firms are still dealing with the aftermath , with some companies forced to manually reconfigure hundreds or even thousands of systems.

The debacle made news not just in the technical press, but in more mainstream outlets, including the New York Times and USA Today .

And news is scammers' bread and butter. Using their now-traditional technique of poisoning results at majorsearch engines like Google and Bing, "scareware" makers have pushed links touting fake antivirus software to at or near the top of the results lists, said Graham Closely, senior technology consultant with Sophos.

The links appear when users type search terms such as "McAfee update" and "McAfee 5958," the latter a reference to the faulty update's designation, added Panda Security in a post to its company blog today.

"If you click on a dangerous link like this, then you risk the chance of your computer being hit by a fake anti-virus attack, which may attempt to con you out of your credit card details or trick you into install[ing] malicious code onto your computer," said Cluley in a post to his blog .

McAfee owned up to the problem -- Barry McPherson, executive vice president of support, said "No excuses" late Wednesday -- and the company has posted guides to help businesses and consumers restore incapacitated PCs. On Wednesday afternoon, McAfee issued a replacement update for the faulty signature file.

That did little to soothe some frustrated users. "Today has been a nightmare. Maybe time to look at a new virus solutions once the license expires," said a user identified as "alomas" on a McAfee corporate support forum thread that has nearly 150 messages. "Could not handle another day like this and confidence in McAfee at an all time low."

Fake security software is a very lucrative and thus popular part of the cybercrime ecology. According to a 2008 report, crooks can make as much as $5 million annually in the practice. McAfee rival Symantec, meanwhile, recently reported that the second-most-downloaded piece of malware during 2009 was the "FakeAV" Trojan horse, which displays false alerts and lowers security settings on compromised PCs. The phony alerts try to dupe users into heading to a site where they can download the sham software.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about security in Computerworld's Security Knowledge Center.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Scarewaremcafeeantivirus

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?