Make sure your AV is legit


Johannesburg, 06 Mar 2008

Making headlines this week is a 41-year-old woman who has been charged with distributing bogus anti-virus software to over a million Internet users, says Brett Myroff, CEO of Sophos distributor, NetXactics.

He says Lee Shin-ja, a former CEO of Media Port, is said to have earned over 9.2 billion won (approximately US $9.8 million) since 2005 with a free anti-spyware program that displayed fake security warnings and directed Internet users to purchase Media Port's Doctor Virus clean-up solution.

"Computer programmers that assisted in the scheme are said to have deliberately coded the software to display false security alerts on files which were not infected with spyware or other malware," he explains.

More and more people are becoming concerned about the security of their personal computer, says Myroff, and it's all too easy for the unscrupulous to try and fool users into believing a bogus warning.

"In this case, 3.96 million Internet users are reported to have tried the free software, with 1.26 million people going on to purchase the 'cure'. With those kinds of figures it's no surprise that the authorities are looking seriously into whether a large number of people have been defrauded by scareware," he says.

Sophos experts note that there are hundreds of different security programs competing in the South Korean market, many of which are not well-known in the rest of the world.

"It's not uncommon for South Korean computer users to run multiple anti-virus programs at the same time - probably because many of their homegrown solutions don't come with an on-access scanner," explains Myroff. "This environment increases the likelihood that people will download and 'test the water' with a product they stumbled across on the Internet."

E-mail scam

There have also been reports of a new e-mail scam that pretends to be a lottery notification from charity Oxfam this week, warns Myroff.

"The e-mails claim that the recipient has won £850,000 in a lottery run by the international aid relief organisation, and asks for the claimant to reply to get details on how the winnings will be transferred," he says.

The scam e-mail tells recipients to contact a live.com e-mail address, and also lists a UK 070 personal phone number for people who wish to make contact via telephone, says Myroff. "Last year Sophos revealed that 070 telephone numbers are frequently used by lottery scammers who can redirect calls using the system to any phone number in the world," he says.

"E-mail lottery scams are abusing 070 telephone numbers to steal money and confidential information. By redirecting the number overseas, criminals can fool victims into believing they are speaking to a legitimate agency rather than a bunch of identity crooks focused on raiding bank accounts," according to Myroff.

More malware

This week's low to medium prevalence malware includes the Troj/CHMDrop-B Trojan, which is affecting Windows users, says Myroff.

Furthermore, the top-level component of Troj/CHMDrop-B is a compiled HTML help file containing an article called "Photos of Tibet in the early 1940's", he says.

Troj/Dload-BS, Troj/KillAV-EF and Troj/MalDoc-Fam have also been noted and are affecting the Windows operating system.

Troj/Dwnldr-ZLB, another Trojan for the Windows platform, downloads files from preconfigured URLs and executes them.

"As always, users are advised to protect their computers with a consolidated security solution that can control network access and defend against all types of cyber criminal activity," Myroff concludes.
