Security Alert: Fake antivirus spreading malware
Last Updated:
2010-03-16 04:00:00
Event:
2010-03-16 04:00:00
Status:
Closed
Brief Description:
User Impact:
N/A
Workaround:
There is no workaround for this issue
Current Status:
N/A
Services Affected:
Full Description:
The IT Security Office is seeing a surge in fake antivirus (FakeAV) infections on campus. Users that see pop-ups suggesting their system has been compromised should report it to local tech support. They should close the pop-ups, and under no circumstances follow the links to view information about the purported issue or purchase software. All campus users are encouraged to install and use Symantec Antivirus, free to members of the Cornell community, available at http://www2.cit.cornell.edu/security/symantec/.
CIT TDX ID:
Timeline of Changes
| Description | Current Status | Date | Time |
|---|---|---|---|
| FakeAV programs (also known as rogue antivirus) are "fraudware" - software meant to scare people into doing the following types of things:\n* Downloading malicious programs that take over your computer and use it to send out spam, spread viruses, record your keystrokes, etc.\n* Sharing personal information like passwords, credit card numbers, etc.\n\nFakeAV programs appear legitimate.\n* They create pop-ups that say things like "Dangerous spyware has been detected on your system."\n* They often have web sites where you can download and purchase software to "protect your system."\n* Some generate emails to confirm your purchase and offer *functioning* customer service phone numbers.\n\nWindows machines are currently the primary target. See Microsoft documentation at http://www.microsoft.com/security/antivirus/rogue.aspx.\n\nAn article about fake antivirus, describing some of the steps being taken by IT Security to protect our network, was published in the Cornell Chronicle on March 12. Please forward the article and information above to your users to spread awareness about this issue.\n\nhttp://www.news.cornell.edu/stories/March10/RogueVirus.html | FakeAV programs (also known as rogue antivirus) are "fraudware" - software meant to scare people into doing the following types of things:\n* Downloading malicious programs that take over your computer and use it to send out spam, spread viruses, record your keystrokes, etc.\n* Sharing personal information like passwords, credit card numbers, etc.\n\nFakeAV programs appear legitimate.\n* They create pop-ups that say things like "Dangerous spyware has been detected on your system."\n* They often have web sites where you can download and purchase software to "protect your system."\n* Some generate emails to confirm your purchase and offer *functioning* customer service phone numbers.\n\nWindows machines are currently the primary target. See Microsoft documentation at http://www.microsoft.com/security/antivirus/rogue.aspx.\n\nAn article about fake antivirus, describing some of the steps being taken by IT Security to protect our network, was published in the Cornell Chronicle on March 12. Please forward the article and information above to your users to spread awareness about this issue.\n\nhttp://www.news.cornell.edu/stories/March10/RogueVirus.html | 2010-03-16 | 04:00:00 |