Hello, welcome to the Tuesday, January 4, 22 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Xavier ran into a good old fake anti-malware scam, and in this case, Meg Affie was impersonated

by the phishing email, essentially enticing

you to renew a McAfee subscription. Of course, the attacker here may count somewhat on you actually

using the product and maybe you're not really sure if it expired or when it is about to expire.

Now, if you click on the link, then you get the good old fake scan that will tell you

that you are infected with five viruses, actually relatively small number compared to what

some of these tools are advertising.

Often what follows next is very basically in the simplest case, just take your money,

so you'll pay them $30 or whatever it is, and you think you renewed your McAfee license,

but you actually send the money to some scammer.

In the worst cases, of course, you may end up downloading some actual malware from the website that claims to be associated with the antivirus maker.

I've also recently seen a lot of emails that sort of contain fake invoices that claim to be for some anti-malware product.

Usually the numbers are very large to scare the victim. And the intent then is to either call an 800 number that of course

will then run off the fake tech support scam on you or basically verify that you want to cancel

the order by providing your credit card number,

which then of course will be charged for whatever amount the attacker feels like.

Well, fake antivirus is one problem, but we also see occasional vulnerabilities in real antivirus software.

Latest example, Trent Micro, the Apex 1 product, as well as the very free

business security product, is susceptible to exploitation.

Now, the most severe one here is a privilege escalation vulnerability, so the attacker would already need to run code

...