Monday, April 11, 2011

New Fake Antivirus Accepts SMS Payments

A new twist has cropped up in some fake antivirus scareware: it accepts payment via SMS, according to antivirus firm CyberDefender.

Typical rogue security programs infect the system first, then display pop-ups warning that the computer is infected and request payment to clean it up. The new programs are seemingly more genteel, asking for the money before the program is installed and infects the system, said Achal Khetarpal, threat research director at CyberDefender. Of course, a payment does nothing to "fix" a system and means criminals now have your money and possibly your credit card information.

When a potential victim happens upon a Web site hosting the malware, a dialog box pops up that looks very much like an installer window for a legitimate antivirus product, according to screenshots from CyberDefender. It says "Welcome to" and names a popular antivirus software and suggests closing other applications. If the victim falls for the ruse, it then displays a message that says "To complete installation, you must go through activation" and offers several ways to pay, including SMS (Short Message Service), WebMoney, and credit card.

If you click "cancel," the program won't install. Typical fake antivirus programs, by contrast, have already infected the system by the time the victim realizes what is happening, and they keep displaying the annoying pop-up messages even after a reboot, Khetarpal said.

The company has seen five versions of the rogue security programs masquerading as software from Avast, Norton, McAfee, BitDefender, and RootKitBuster, and they, as usual, target Windows systems.

Khetarpal could not say how widespread the malware is but said he has seen it in a "lot of Web sites" and in relation to search results for popular and trending topics.

Fake AV scammers aren't the only ones to hop on the SMS payment bandwagon. Scammers were found to be seeking payment by SMS for fake browser updates earlier this year, according to GFI Labs.

Source: http://news.cnet.com/8301-27080_3-20052203-245.html#ixzz1JFJAj0pp