
Thread: Rogue AV/AS prolific

  1. #51
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Tropical Storm leads to FAKEAV

    FYI...

    Tropical Storm leads to FAKEAV
    - http://blog.trendmicro.com/tropical-...ads-to-fakeav/
    Sep. 29, 2008 - "Cybercriminals leveraged the tropical storm Ondoy (international name: Ketsana) that hit the Philippines and killed around 140 people... several malicious sites appeared each time users searched for the strings “manila flood,” “Ondoy Typhoon,” and “Philippines Flood,” among others. The said sites emerged among the top search results. Once the user clicks the URL, they will be redirected to several landing pages where they are asked to download an EXE file, soft_207.exe. Trend Micro detects it as TROJ_FAKEAV.BND. This attack does GeoIP checks, which means it only targets specific regions or locations... Although riding on tragic events is not exactly new, what is notable is that it once again employed blackhat SEO to lead users to a FAKEAV..."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...

  2. #52
    AplusWebMaster (Adviser Team)

    Rogue downloader uses Firefox warning screen lookalike

    FYI...

    Rogue downloader uses Firefox warning screen lookalike
    - http://sunbeltblog.blogspot.com/2009...x-warning.html
    September 29, 2009 - "... The rogue Alpha AntiVirus page used to hijack a browser copies the Firefox warning screen... Looks like the Firefox warning page (in Internet Explorer), but with a difference... What makes research on these rogues very challenging is the fact that they swap the download web sites about every six hours..."

    (Screenshots available at the URL above.)


  3. #53
    AplusWebMaster (Adviser Team)

    Rogue AV growth 2009-H1 585 percent

    FYI...

    Rogue AV growth 2009-H1 585 percent
    - http://www.theregister.co.uk/2009/10...meware_plague/
    2 October 2009 - "The prevalence of scareware packages has reached epidemic proportions, with 485,000 different samples detected in the first half of 2009 alone. The figure is more than five times the combined figure for the whole of 2008, according to statistics from the Anti-Phishing Working Group (APWG). The huge figures are explained by the hacker practice of changing the checksum of every file. The tactic is designed to foil less sophisticated anti-malware defences... More than half (54 per cent) or 11.9 million of the computers scanned by Panda Security, which contributed to APWG's report, were infected with some form of malware. Banking trojan infections detected by the group almost tripled (up 186 per cent) between Q4 2008 and Q2 2009. APWG's report can be found here*."
    * http://www.antiphishing.org/reports/...rt_h1_2009.pdf


  4. #54
    AplusWebMaster (Adviser Team)

    Scareware SPAM - Conficker.B infection alerts

    FYI...

    Scareware SPAM - Conficker.B infection alerts
    * http://ddanchev.blogspot.com/2009/10...infection.html
    October 20, 2009 - "A fake "conficker.b infection alert" spam campaign first observed in April, 2009 (using the following scareware domains antivirus-av-ms-check .com; antivirus-av-ms-checker .com; ms-anti-vir-scan .com; mega-antiviral-ms .com back then) is once again circulating in an attempt to trick users into installing "antispyware application", in this case the Antivirus Pro 2010 scareware. This campaign is directly related to last week's Microsoft Outlook update campaign, with both of these using identical download locations for the scareware..."

    (Screenshots and extensive list of domains involved available at the URL above*.)


  5. #55
    AplusWebMaster (Adviser Team)

    Scareware warning from the FBI

    FYI...

    Scareware warning from the FBI
    - http://www.us-cert.gov/current/#fbi_...bout_scareware
    December 14, 2009 - "The Federal Bureau of Investigation (FBI) has released a warning to alert users about an ongoing threat involving pop-up security messages that appear on the Internet. These pop-up messages may contain seemingly legitimate antivirus software. Users who click on these pop-up messages to purchase and install the bogus software may become infected with malicious code or become victims of a phishing attack. US-CERT encourages users and administrators to do the following to help mitigate the risks:
    • Review the FBI Press Release* titled Pop-Up Security Warnings Pose Threats.
    • Install antivirus software, and keep the signature files up to date.
    • Use caution when entering personal and financial information online.
    • Install software applications from only trusted sources."
    * http://www.fbi.gov/pressrel/pressrel09/popup121109.htm

    > http://www.ic3.gov/media/2009/091211.aspx
    "... The FBI is aware of an estimated loss to victims in excess of $150 million..."

    - http://sunbeltblog.blogspot.com/2009...eneration.html
    December 11, 2009 - "A new rogue security product called IGuardPC... is the 50th clone of the WiniGuard family of rogue security products. That makes WiniGuard the largest rogue family ever detected by Sunbelt researchers. The WiniGuard family began in September of 2008. Operators behind it have added variants... sorted into three generations. The latest generation gets a new clone about every 48 hours to stay ahead of public awareness and anti-malware detections..."
    (Screenshots available at the URL above.)


  6. #56
    AplusWebMaster (Adviser Team)

    Rogue AV - Data Doctor 2010 encrypted files

    FYI...

    Rogue AV - Data Doctor 2010 encrypted files...
    - http://sunbeltblog.blogspot.com/2010...-files-we.html
    January 06, 2010 - "Our analyst Dimiter Andonov has developed a tool to decrypt files encrypted by Data Doctor 2010 that at least one blog reader found very useful:
    http://www.sunbeltsecurity.com/DownLoads.aspx
    Update 01/07:
    We've just posted a page with detailed directions for using the Data Doctor 2010 file decrypter:
    http://www.sunbeltsecurity.com/DownLoads.aspx ..."

    - http://www.f-secure.com/weblog/archives/00001850.html
    January 8, 2010


  7. #57
    AplusWebMaster (Adviser Team)

    Rogue AV exploits Haiti earthquake

    FYI...

    Rogue AV exploits Haiti earthquake
    - http://isc.sans.org/diary.html?storyid=7987
    Last Updated: 2010-01-14 18:45:02 UTC - "Just when you think they couldn't possibly go any lower ... The bad guys behind the Rogue AV scam (see my old diary at http://isc.sans.org/diary.html?storyid=7144 about Rogue AV) are heavily using SEO techniques to make links to their sites appear high on search engines. For example, when using Google to search for "haiti earthquake donation" top 6 hits (!) lead to compromised web sites which in turn check the referrer (they verify if you are coming from a search engine) and, if that is true, redirect you to another web site... At the moment they are redirecting to scan-now24 .com which appears to be taken down. As posted on numerous places yesterday – if you plan on donating be very careful about sites you visit."

    - http://www.us-cert.gov/current/#hait...ishing_attacks
    January 14, 2010

    - http://www.fbi.gov/pressrel/pressrel...uake011310.htm
    January 13, 2010

    - http://sunbeltblog.blogspot.com/2010...direct-to.html
    January 14, 2010 - "We continue to find hacked sites popping up on web searches for Haiti relief donations-related strings. Among other things, we’ve found a rogue security product being pushed. VIPRE detected that one as Rogues.Win32.FakeVimes... sites all -redirect- to scan-now24 .com (registered Dec. 28), which we recommend blocking..."

    Last edited by AplusWebMaster; 2010-01-16 at 06:39.

  8. #58
    AplusWebMaster (Adviser Team)

    Scammers offer "Live Support"

    FYI...

    Scammers offer "Live Support"
    - http://www.informationweek.com/share...leID=222900276
    Feb. 13, 2010 - "... The Live PC Care "virus scan" screen now includes a yellow online support button that affords those reluctant to part with their money the opportunity to banter with fraud support. "If a potential victim clicks on the online support button they are brought to a live support chat session," said Symantec security researcher Peter Coogan in a blog post*. "The authors of Live PC Care have taken advantage of a legitimate freeware live chat system called LiveZilla. This system allows Live PC Care victims to chat online with so-called 'support agents.'" Based on the interactions between Symantec researchers and the live support people, Coogan says that there really are people answering questions, and not automated scripts. Their goal, he says, is to allay suspicions and encourage the belief that the fake malware detected needs to be repaired. Coogan says that the involvement of live support people shows just how big the business of fake antivirus scams has become. Symantec says that between July 1, 2008 and June 30, 2009, 250 different fake antivirus programs made 43 million installation attempts. The company says that the cost of being victimized can go beyond the $30 to $100 price for useless software to include additional fraud arising from credit card theft."
    * http://www.symantec.com/connect/blog...-talking-enemy

    Trojan.FakeAV
    - http://www.symantec.com/security_res...606-99&tabid=2
    Updated: October 10, 2007 5:08:11 PM
    Type: Trojan
    Infection Length: 7,680 bytes
    Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

    Last edited by AplusWebMaster; 2010-02-17 at 14:16.

  9. #59
    AplusWebMaster (Adviser Team)

    VirusTotal - fake rogue site

    FYI...

    VirusTotal - fake rogue site
    - http://sunbeltblog.blogspot.com/2010...stotalcom.html
    February 26, 2010 - "VirusTotal.com [ http://en.wikipedia.org/wiki/VirusTotal.com ] is a brilliant site that helps both public and researchers alike determine if an executable file they have is potentially malicious or not... somebody decided to cash in on the good name of the site with the following domain:
    virus-total(dot)in
    ...we have some Rogue Antivirus advertising in the house, to the tune of “Your computer is infected by viruses” complete with the now familiar fake image of your drives and folders... Should you download and run the executable file offered up by the site, you’ll end up with the rogue Security Tool on your system... the REAL domain for VirusTotal is http://www.virustotal.com/ . Don’t fall for this scam!"

    (Screenshots available at the Sunbeltblog URL above.)

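A defender-side check suggested by the virus-total(dot)in lookalike above: the added Python below (not from the Sunbelt post or any tool it mentions) normalises a defanged domain or URL to its registrable form and flags labels that imitate a protected brand. The brand list and the sample hosts are constructed for illustration; two of the samples are domains quoted in this thread.

```python
import re
from typing import Optional

# Brands abused by the rogues quoted in this thread, mapped to their genuine
# registrable domains. Constructed list for illustration; extend as needed.
PROTECTED_BRANDS = {
    "virustotal": {"virustotal.com"},
    "microsoft": {"microsoft.com"},
}

def registrable_domain(raw: str) -> str:
    """Normalise a URL or (possibly defanged) host to 'label.tld', lower-cased.
    Accepts forms seen in threat write-ups: 'virus-total(dot)in', 'scan-now24 .com'."""
    d = raw.lower().strip()
    d = re.sub(r"^[a-z]+://", "", d).split("/")[0]           # drop scheme and path
    d = d.replace("(dot)", ".").replace("[.]", ".").replace(" .", ".")
    labels = [l for l in d.split(".") if l]
    return ".".join(labels[-2:]) if len(labels) >= 2 else d

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; inputs are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_brand(raw: str) -> Optional[str]:
    """Return the brand a domain imitates, or None if it is genuine or unrelated.
    Separators and digits are squashed so 'virus-total' compares equal to
    'virustotal'; one edit of slack catches single-character typosquats."""
    reg = registrable_domain(raw)
    label = reg.split(".")[0]
    squashed = re.sub(r"[-_0-9]", "", label)
    for brand, genuine in PROTECTED_BRANDS.items():
        if reg in genuine:
            return None                       # the real site, not an imitation
        if squashed == brand or brand in squashed or levenshtein(squashed, brand) <= 1:
            return brand
    return None

if __name__ == "__main__":
    # Constructed sample: two hosts quoted in this thread plus two made-up controls.
    for host in ["virus-total(dot)in", "http://www.virustotal.com/",
                 "scan-now24 .com", "virustota1.com"]:
        print(f"{host:30s} -> {lookalike_brand(host)}")
```

Feed it the domains from a proxy log or a new-registration feed to triage brand abuse before a user ever reaches the page.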

  10. #60
    AplusWebMaster (Adviser Team)

    MS warns: fake Security Essentials

    FYI...

    MS warns: fake Security Essentials
    - http://www.theregister.co.uk/2010/02...entials_rogue/
    26 February 2010 - "Microsoft has warned Windows users to be on their guard against a piece of rogue antivirus software passing itself off as Microsoft Security Essentials. Security essentials 2010 is a piece of software Microsoft said installs a fake virus scanner on your machine and monitors and blocks processes it doesn't like. The software will also block access to websites of antivirus and malware companies and flag up a warning message. You can see the list of blocked sites here*... Adding insult to injury, Security essentials 2010 charges you to scan and remove files on your machine, claiming the version you will have initially downloaded is just a trial edition. Microsoft's Security Essentials is available without charge to PC users running a genuine copy of Windows..."
    * http://www.microsoft.com/security/po...Win32/Fakeinit

