Symantec Blogs: Security Response

Téo Adams | October 19th, 2009

Given their financial motivations, the distributors of rogue security software scams need to reach a broad number of potential victims. Getting the program onto a victim’s computer is a critical step in rogue security software scams, and the scammers use a variety of techniques to do so. While some rogue security software programs rely on just a few specific techniques to achieve this, many of them incorporate multiple techniques to improve the odds of success. The distribution techniques for rogue security software programs can be simplified into two groups: installation methods and advertising methods.

The installation methods for rogue security software can either be intentional or unintentional. Scammers who persuade victims that they need the rogue software to address security concerns lure the victims into downloading the software intentionally. This is a common approach to rogue security software installation that was used by 93 percent of the top rogue security...

Téo Adams | April 1st, 2009

I had a great time at CanSecWest 2009. There were some great speakers, the food was excellent, and the venue was pretty classy. One of the talks that stood out for me discussed using the BIOS as a means to persistently maintain control of a computer.

To my knowledge, this wasn’t the first time that the BIOS has been used by malicious code, but it is the first time that using the BIOS to fully contain and store said malicious code has been presented. By modifying the BIOS to store malicious code and install it on a local drive or device, an attacker can continually maintain control of a computer regardless of operating system reinstallations, physical changes to hard drives, or other seemingly “sure fire” methods of system sanitization. This means that regardless of changes to devices or hardware, the computer remains at risk as long as the BIOS is not flashed with a “clean” image.

The...