[FSec] Finnish Website Attack via Rogue Ad

Newsfeed

Nachrichtenbote
Finland has a rather small population in which F-Secure has a relatively large market share. (Natch.) And every so often, something "big" will occur in such a way that Finland becomes a kind of statistical laboratory.

Here's a graph of malware detections (as in preventions) that occurred in Finland from November 24th to November 27th.



And this is a graph of the same from December 1st to December 4th.



Why is there such a dramatic difference?

An advertising network used by one of Finland's most popular websites, suomi24.fi, was compromised during the December time period. And according to Suomi24, all of that malware traffic was pushed by a single ad from a third-party advertiser's network.

Just one ad.

This is what our customers using our Browsing Protection feature would have seen:

Dec1_BP_Block.png


And if the site blocking wasn't enabled, this is the antivirus notification:

Dec1_AV_Block.png


What was blocked? — Rogue Antivirus. As in fake security software.

Here's one version:

Dec1_Fake_MSSE_Scan.png


And here's another:

Dec1_Rogue_Scan.png


These rogue programs aren't actually scanning your computer for threats, but still, they're more than happy to charge for their services. Rogues don't offer any free trials, they want payment up front.

Dec1_Rogue_payment.png


Payment up front? That's generally a good sign there's something amiss.
On 05/12/12 At 12:46 PM

Weiterlesen...
 
Zurück
Oben