What are Fake Alerts?
Fake alerts usually consist of messages appearing on your computer screen warning of imminent danger to your PC. These usually only appear when you are browsing the internet, and are usually a marketing ploy designed to persuade computer users to purchase antivirus or spyware products.
Some of these alerts attempt to mimic the look and feel of legitimate windows and dialogue boxes in Windows Explorer. Some are even designed to infiltrate your PC with a virus or spyware. Strange but true: an alert could actually be the dropping-off point for the latest piece of malicious software, so caution is advised!
Fake Alerts are Sophisticated!
Let's take a look at a typical alert, and the type of things it can lead to. One such "phishing" attack is called "Hidalgo" and relates to a spyware removal tool on the Brazilian version of the Symantec website. An email in Portuguese was sent asking recipients to download a spyware removal tool. Upon clicking the link provided in the email, victims were redirected to what looked like a legitimate version of the website, where a "download" button was provided.
Even the downloaded executable had a legitimate-looking icon belonging to Symantec, but if the user clicked on the executable a Trojan named "Trojan.Bakloma" was unleashed. This was an information-stealing program designed to discover which sites you visited, especially banking websites. It was quite a complex process, but it was designed for identity theft.
The total process is as follows:
1. Send out a fake email requesting the user to download a spyware removal tool.
2. Monitor the websites the user visits, especially internet banking websites.
3. Send out a warning that the user needs to change their personal details on the site they have detected.
4. Provide a "look-alike" online form which looks genuine and appears to come from the original banking website.
5. The victim unwittingly provides their personal details to the online form.
6. The identity theft operation is complete.
The next thing the victim notices is that money has gone from their bank account or unauthorised transactions appear on their statements. As you can see, this process was quite sophisticated and involved some nifty programming and design work. The perpetrators of these types of attacks are cunning and devious.
Another problem is that some alerts continue to "nag" you to accept the offer, or open up one website after another when you attempt to close them. If you click "no" they sometimes display another message asking you to reconsider. This also happens with genuine products and is an annoying aspect of computer marketing.
Fortunately, email spam filters sometimes catch the dodgy-looking emails, but quite a few can get through. The alerts can come in the form of email, or as a dialogue window within a browser. Quite often the window has not been displayed by the website you are currently viewing but is the result of existing malware on your PC. Over time an alert can change to suit the most viable attack strategy. At the end of the day they are just malicious programs, so be warned!