Security experts had been predicting a bonanza for online scammers in the months leading up to the tournament, and they haven't been disappointed.
PandaLabs, the anti-malware laboratory of Panda Security, is warning consumers of search engine manipulation tactics that redirect users surfing for World Cup news and videos toward sites promoting fake anti-virus software. This malicious software, more commonly known as Scareware, fools users into believing their computers have been infected by a virus and tricks them into purchasing useless software to fix the non-existent problem -- often infecting the machine with malware in the process.
The scareware in question is called MySecurityEngine, which alters the desktop settings of its victim to display fake security alerts and hijacks the browser, diverting the user to bogus sites. MySecurityEngine, which has been detected on a number of infected web pages, also installs malicious files and downloads itself automatically onto the victim's PC, making it difficult to remove.
The scareware also tricks users into purchasing its worthless anti-virus software. PandaLabs says cyber-criminals manipulate search engines to ensure scareware pages feature prominently on Google searches by using deceptive black hat search engine optimization (SEO) techniques to improve rankings. MySecurityEngine-infected pages appear in Google results when football fanatics search for terms including:
- World Cup Brackets 2010 Fifa
- World Cup Brackets 2010 Printable
- World Cup Schedule 2010
- Espn World Cup Schedule
So how do you protect yourself against scareware?
The Federal Trade Commission, which knows a thing or two about scareware scams, offers some excellent advice on its OnGuardOnline site, a consumer-oriented site full of useful information for avoiding scams, viruses and other cyber-trouble. OnGuardOnline's "Free Security Scan Could Cost you Time and Money" page provides a good overview of scareware, as well as helpful tips to avoid getting fooled into buying bogus anti-virus software.
Common scareware tactics, the FTC says, include:
- Ads that promise to "delete viruses or spyware," "protect privacy," "improve computer function," "remove harmful files," or "clean your registry."
- "Alerts" about "malicious software" or "illegal pornography on your computer."
- Invitations to download free software for a security scan or to improve your system.
- Pop-ups claiming your security software is out-of-date and your computer is in immediate danger.
If you get an offer to buy anti-virus software, Google it to make sure it's reputable. A particularly effective malware remover is offered free by Malwarebytes. And finally, make sure your anti-virus software, anti-spyware and firewall are active and up-to-date.