Hackers are scamming users with ads on legitimate high-traffic news, entertainment and job Web sites. Want some anti-spyware? How about a Trojan with that? That is not a literal sales pitch, but the end result of a multistep scam involving rogue anti-spyware that researchers at SecureWorks are warning Web surfers about. Though tricking users into downloading Trojans via bogus anti-spyware is nothing new, security researchers said the magnitude of the scam makes it problematic.
"Rogue anti-spyware scams have been in circulation for several years," said Don Jackson, a security researcher at Atlanta-based SecureWorks. "However, they were typically one-off-type scams. We have never seen a malicious campaign using rogue anti-spyware of this magnitude before .... SecureWorks has personally seen 10 different content providers affected by this campaign and our outside sources tell us that they have worked with another 20 or so, but we suspect it is affecting dozens of Web sites."