Reading like a clichéd script from a technological thriller, the son of the founder of a high-profile software security firm has reportedly been kidnapped. Ivan Kaspersky, the 20-year-old offspring of security expert Yevgeny Kaspersky, was walking through a factory area in Moscow's northwest on the way home from work earlier this week when he was taken. Those responsible for the kidnapping are demanding a ransom of 3 million euros (about $4.3 million), according to The Moscow Times.
Fake antivirus software masquerading as the real deal is quickly becoming one of the oldest (and most used) tricks in the malware manual, and for good reason. It's easy to dupe less savvy computer users, especially as these bogus programs have become adept at looking the part. The latest one making the rounds is a false AV scanner called Antivirus 8.
"Over the last few days, we received numerous reports of computers infected with fake antivirus (scareware)," Roel Schouwenberg, senior antivirus researcher for Kaspersky, wrote in a blog post. "The name of this particular culprit is Antivirus 8."
According to Schouwenberg, fake pop-ups related to the bogus application were appearing on users' systems while they were not actively using their PCs. Instead, the pop-ups ran as soon as ICQ began fetching and displaying new ads. As Schouwenberg explains it, the malware writers went through the trouble of setting up servers that appear to be related to actual retail products, so to outsiders (like Kaspersky) looking in, it appears the 'store' was simply the victim of an attack, and the dirty ads keep rolling.
"By making it look like their server got compromised, the criminals can claim it isn't them who's responsible for distributing the malware," Schouwenberg explains. "But rather someone else who hacked their server to spread malware. The ad distributor is very likely to simply give them a warning, which gives these criminals at least one more shot at infecting more machines."
How it works isn't really important here, as none of this is going to matter to inexperienced users in the first place. Instead, now might be a good time to remind family and friends -- the ones who seem to ring your number every couple weeks with a new computer problem -- not to fall for fake AV scams.
A part of us wishes Kaspersky Internet Security 2011 came bundled with its own aluminum foil deflector beanie, because it’s the only thing missing from what’s otherwise the ultimate package for paranoid PC users. Put another way, running Kaspersky is like sitting in a panic room behind a three-inch steel-frame door with multiple deadlocks, and toting a sawed-off shotgun just for good measure. Do you see where we’re going?
Out of the box, Kaspersky comes ready to throw down with any malware feeling froggy enough to jump. Almost as if trying to prove a point, Kaspersky wouldn’t even allow us to visit our synthetic spyware site (www.spycar.org) until we configured the web module to chillax and let us poke our head into suspicious web portals. Not that it mattered, because Kaspersky was unfazed by each of Spycar’s attempts to hijack our browser and simulate other malicious behavior.
And thus it begins, the era of SMS viruses for Android. That's according to security firm Kaspersky, which earlier this week warned that the first malicious program classified as a Trojan-SMS has been detected for smartphones built around Google's Android platform.
"The new malicious program penetrates smartphones running Android in the guise of a harmless media player application," Kaspersky warns. "Users are prompted to install a file of just over 13KB with the standard Android extension .APK. Once installed on the phone, the Trojan uses the system to begin sending SMSs to premium rate numbers without the owner's knowledge or consent, resulting in money passing from a user's account to that of the cybercriminals."
Called Trojan-SMS.AndroidOS.FakePlayer, Kaspersky says this bit of mischievous (and costly) code has already infected a number of mobile devices. That isn't surprising, considering that the Trojan-SMS category is the most widespread class of malware for mobile phones, Kaspersky claims.
Kaspersky on Monday announced it has been successful in patenting a hardware-based antivirus system designed primarily for fighting rootkits.
Patent No. 7,657,941 was registered earlier this month and describes a technology developed by Oleg Zaitsev, senior technology expert at Kaspersky Lab. The patent describes a device that is installed between a hard drive or SSD and the computing unit (CPU or RAM) and connected to a system bus. It can also be integrated into the disk controller. The hardware solution decides whether to allow or block writing data to disk.
"Antivirus solutions and malware are both types of software with similar rights," says Oleg Zaitsev, Technology Expert at Kaspersky Lab. "This is where a hardware-based antivirus solution has a distinct advantage over conventional AV solutions because it monitors all attempts to access a memory device while remaining inaccessible to malware. This is critical for fighting such sophisticated threats as rootkits and bootkits."
Kaspersky claims this solution is particularly effective since it's implemented on the hardware level and isn't dependent on the OS's configuration. It also "integrates seamlessly with other security solutions," Zaitsev added, and could find use in server software and specialized computers like ATMs.