Story image

Channel Surfing: fake products robbing resellers

31 Jan 2012

Fake antivirus products can be a headache for end-users, but they’re also potentially robbing New Zealand resellers of income.

The AVG Community Powered Threat Report, Q4 2011, highlights the continuing success of fake antivirus products, which has been noted in previous reports as well.

Michael McKinnon, AVG (AU/NZ) security advisor, says the Q4 report in particular highlights the issue. "Resellers could miss out on sales because end users think they are protected because they’re running fake anti-virus software.

"It really highlights the importance of enquiring further as to what your customers are running and making sure what they are using is legitimate.”

While the Community Powered Threat Report is a global report, with no New Zealand breakdown available, McKinnon says ‘there are definitely some cases in New Zealand’.

"Resellers need to build awareness of the issue,” he says. "It’s home and small business users who are affected and it really does affect so many people.”

The report highlights the ‘second-click redirection mechanism’ infection method, which redirects the subject to a fake antivirus scanner that in turn lures him or her into downloading and paying for an antivirus tool to ‘removes’ the fictitious malware.

"Another important aspect of this story is showing that the underworld of cyber crimes is organised,” AVG says. "Malicious websites do not only share traffic, they also share owners.”

McKinnon says New Zealand resellers should also get abreast of the latest issues in mobile security, to ensure they are able to not only advise clients of the products available, but offer practical tips, such as remote wiping and the use of PIN codes.

"Resellers need to be mindful that they are the front line. Resellers have a responsibility, which I think a lot forget, to help ensure people are not being scammed or taken advantage of.”

The Community Powered Threat Report also flags the risks hidden in QR codes, which ‘are being discovered as an ideal way to distribute malware to unsuspecting victims’. McKinnon says a perfect storm is brewing as the convenience of QR codes and the ability to download a mobile app combine with mobile phones already known security flaws.

"Add to that that large brands are starting to use QR codes, providing almost a default trust factor...” he says. "We’re carrying around smartphones that are as powerful as a desktop computer five or six years ago and it’s so easy for users to scan the QR code and unwittingly download malicious applications that can very easily breach their privacy.”

The report says putting a malicious QR code sticker onto existing marketing material or replacing a website’s bona fide QR code with a malicious one could be enough to trick many.

As Yuval Ben-Itzhak, AVG Technologies chief technology officer, says in the report, the convergence between computers and mobile phones applies to malware too.

"As phones become more like computers, so do the risks. Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater.”

Other issues highlighted in the report include stolen digital certificates bypassing security on mobile phones and the persistence of rootkits.

Heather Wright is editor of The Channel; go here to subscribe. 

Microsoft appoints new commercial and partner business director
Bowden already has almost a decade of Microsoft relationship management experience under her belt, having joined the business in 2010.
Zoom’s new Rooms and Meetings features
Zoom has released information about the upcoming releases for its Rooms and Meeting offerings for 2019.
Aussie company set to democratise direct-to-orbit IoT access
Adelaide-based Myriota has released a developer toolkit that has been trialled and tested by a smart waste management platform.
Apple's AirPods now come with 'Hey Siri' functionality
The new AirPods come with a standard case or a Wireless Charging Case that holds additional charges for more than 24 hours of listening time.
Dynatrace takes pole position in APM Magic Quadrant
It placed highest on Ability to Execute and furthest on Completeness of Vision in the 2019 Quadrant for Application Performance Monitoring (APM).
HCL and Xerox expand strategic partnership
Under the terms of the agreement, HCL will manage portions of Xerox’s shared services, including global administrative and support functions.
Avaya expands integration with Google Cloud AI
This includes embedding Google’s machine learning within conversation services for the contact centre, enabling integration of AI capabilities.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.