Rogue anti-Virus spotted on airport Internet terminal
by Steve Ragan - Aug 26 2010, 14:30
Nick Johnston, a software engineer for Symantec, was on a road trip recently when he spotted an interesting security issue; namely that an airport Internet terminal had been infected with a Rogue anti-Virus application.
If that wasn’t bad enough, the terminal's installation of 'Defense Center Installer' still had the 'To Do' list on the installation dialogue, and that's a double fail if you think about it.
Defense Center Installer is just one of the countless Rogue anti-Virus programs that target unsuspecting users.
The software, once installed, will flood the screen with warnings related to non-existent infections, hijack browsing sessions, and can often lead to other compromises. The larger purpose for its existence is, of course, the attainment of cash. The criminals distributing such Rogues collect the registration fees that the software requires, in addition to the fees they are paid for installing the program in the first place.
“While this particular 'Scareware' will only infect the Internet terminal, it is an indicator that these terminals are inadequately protected and vulnerable to a full range of Malware,” Johnston wrote in a Symantec blog.
As an example of potential threats, he noted, “consider that a keylogger on one of these terminals could capture a person’s user name and password.”
“Exercise extreme caution whenever using publicly available internet access terminals and avoid any action that requires signing on to personal or corporate accounts. A few minutes of checking email could result in a serious security event - the convenience of a moment requiring days and hours of painful recovery.”
The image below was taken at “a large airport in England.”

In other Symantec news, the division Johnston works for, Symantec’s Hosted Services, recently released the MessageLabs Intelligence report.
The report found that the percentage of Spam sent from botnets has increased to 95 percent of all Spam, up 11 percent in just five months. However, a Symantec spokesperson said the total amount of Spam in circulation is down slightly from the previous quarters, as most botnets have reduced in size.
In addition, the report singles out the Rustock botnet, which has remained the most dominant Spam-sending botnet, responsible for 41 percent of botnet Spam sent in August, up from 32 percent in April.
While other botnets are sending less Spam because they have fewer bots under their control, Rustock has deliberately cut its number of bots nearly in half since April, yet still manages to send record amounts of junk messages.
According to the MessageLabs Intelligence report, one factor in the increased throughput from Rustock is that the botnet has stopped using TLS encryption to send Spam, thus speeding up connections.
The report itself can be viewed by clicking here.
