According to security company AVG, UK Internet users were subject to a large drive-by web attack at the end of February that tried to push fake antivirus at least 750,000 times on a single day.
On Sunday 27th February, the previously obscure Russian 'Blackhole' exploit kit was suddenly detected 900,000 times globally, up from only a few tens of thousands typical for such kits.
Over three quarters of these detections were for UK PCs, which offers a baseline for what must have been a continued attack several times that size against web servers frequented by users in the country.
It is not clear why UK Internet users were targeted, but the attack does not seem to have been successful. 600 servers were compromised, serving nine different Adobe, Java and Microsoft exploits, including the MS-MDAC flaw from 2006. The exploited servers were mainly based in Estonia with some in the US.
AVG compromised one of the servers used to control the Blackhole attack. It reported a 'load' rate for bogus antivirus software of nearly 8%. This figure shows only how many machines ran the fake AV alerts after an exploit was successfully served, not how many users fell for the scam and actually paid up.
However, it is only the loads that matter to the criminals as they can use this figure to calculate what they are paid - the actual scam AV revenues will go to a different set of criminals.
AVG CTO Yuval Ben-Itzhak said, "It is exceptional compared to anything we have seen for some time."
The attack suggests that Britons may still be falling for fake antivirus scams, a common attack method despite having been in existence for several years.