Scareware, Rogue Ads Join Up for Hack Attacks

Two separate online security threats aimed at publishers and online advertisers are converging to form an even more potent force: Scareware is increasingly piggybacking in rogue ads to cause serious financial havoc and digital distrust - in some cases of once venerable websites - among consumers. Scareware refers to warnings that suddenly pop up on a consumer's screen purporting to be from a security vendor. The messages often suggest that the computer has been infected by malware. To stay safe, the consumer is urged to download new security software that will eliminate the problem. Of course, the download is actually the malware. Bogus ads are also hack attempts aimed at marketers - again, used to deliver malware. The New York Times fell victim to a rogue ad this September, as did MarketingVox in 2007. At first it was unclear what the malware was in the New York Times attack was meant to do. However, now Connecticut's Better Business Bureau reports that it was used to unleash scareware on the top-tier newspaper's online readers. Then Falls Gizmodo More recently, the tech blog Gizmodo fell victim to similar dual tactics, according to security vendor Sophos.  "Their plan was to infect as many computer users as possible with their malicious adverts," said Graham Cluley, senior technology consultant for Sophos. "They know Gizmodo gets a huge amount of traffic - once they infected the site through their adverts they could just lie in wait for their victims to visit." What is particularly audacious about this approach is that the criminals appear to have posed as legitimate representatives of Suzuki in order to plant  dangerous code on Gizmodo's site. Search Results Too Scareware is also piggybacking on search results, Connecticut Better Business Bureau President, Paulette Scarpetti, noted. "Hackers are also watching the headlines - such as the death of actor Patrick Swayze and the US Open - to plant infected versions of hot headlines on Google searches. Victims who click on fake search results are presented with a scareware pop-up." Scarpetti said this new menace takes advantage of people's trust in even the most prominent websites - a trend with which online brands and marketers are painfully familiar. Marketing to the Marketers Not surprisingly, providers of online security packages to retailers and other corporate sites are playing on companies' fears of losing customers' trust, as they position their latest wave of security products. McAfee, for example, is touting security to get consumers to make an online purchase, in its study "Digital Window Shopping: The Long Journey to Buy". McAfee found a majority of shoppers are "digital window shoppers," or consumers who start shopping on a site, leave for a period of time and return later to complete the sale. McAfee studied the behavior of 163 million shoppers and found that sales conversions were 11% higher for digital window shoppers who were shown a security cue - such as its own McAfee Secure trustmark.