14 DAY TRIAL // As Halloween approaches and people begin to prepare for the celebration, cybercriminals also keep themselves busy by launching all sorts of malicious campaigns that promise goodies in exchange for our trust and our bank accounts.
The researchers at MalwareCity already came across a large number of fake promotions that advertise cheap software.
Internauts must be warned that the applications these crooks commercialize are either pirated or their license has been stolen from someone who legitimately purchased the product, but whichever the situation is, they get away with a 100% profit and the victim ends up with a piece of illegal merchandize.
“Morality is not the only problem with buying and installing pirated software” says Cătălin Coşoi, Bitdefender’s Global Research Director. “The problem lies in the fact that users generally don’t receive critical updates or patches from the vendors, leaving them exposed to vulnerabilities that might later on be exploited by crooks.”
In one of the example emails we are offered Windows 7, Office 2010, Adobe CS5 and they all come in “over 15 languages.”
“We also have a huge amount of soft for Macintosh,” reveals the phony email.
I've tested the website that hosts all these fabulous Halloween promotions and McAfee's SiteAdvisor tool revealed the expected result.
“McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution.”
The fact that remains is that software should never be downloaded or purchased from untrusted retailers or shady markets as, besides the fact that they might contain malicious elements, piracy is illegal.
Other rogue celebratory promotions include gift cards that finally lead to the classic survey and greeting cards that bring with them malevolent worms such as Win32.Worm.Waledac or Win32.Worm.Prolaco. The latter category of Halloween malware can be avoided by deploying a trusted security solution, by regularly updating your operating system and all its critical components and by making sure you don't click on links received in suspicious emails.