View Full Version : Email Scam



Smiling Carcass
2008-12-19, 20:46
Do not click anything in a popup window claiming to be Anti Virus 2008 or 2009. They are using various other names such as Windows Antivirus. Wherever you click on the popup it will install Trojans and other malware, and I have cleaned 3 machines this month of this. I am currently working on the fourth, which is proving to be a challenge since the owner foolishly assumed it was a genuine update (they use this trick too) to existing antivirus they were using and installed it. The best thing to do is either shut down the machine and restart, though I can’t vouch for this method being successful but I imagine this would clear the prompt. Alternatively, Ctrl-Alt-Del to bring up the Task Manager and close it from there; I suggest right click and ‘close program tree’. Since the installation I am currently working on does not appear in ‘add or remove programs’ I feel reasonably confident that they will soon re-code so it doesn’t appear in Task Manager either.

Smitfraudfix and Malwarebytes are two very effective free solutions to this problem.

If you get the popup, you are probably already infected as they use ‘drive by’ downloads to get it on your machines.

Smiling Carcass
2008-12-19, 21:34
I have just received an email from Panda Security:
“Virus Alerts, by Panda Security (http://www.pandasecurity.com)

This week's PandaLabs report includes information about the adware
Antivirus360, the Sinowal.VXR banker Trojan and the virus Salit.AN.

Antivirus360 is a fake antivirus. As with all this type of malware, this
example is designed to make users believe that their computers are
infected and then try to sell them a version of the fake antivirus.
(Image here: http://www.flickr.com/photos/panda_security/3119340477/)

If users decide to buy the product, they will see a Web page on which
they can enter their payment details (image here:
http://www.flickr.com/photos/panda_security/3120158812/)

Sinowal.VXR is designed to steal bank passwords and send them to its
creators, allowing them to steal money from users' accounts. To obtain
this information, Sinowal.VXR monitors users' activity on the Internet
and when they access certain bank Web pages, the Trojan redirects them
to a spoof page. There they will be asked for a series of data including
their user name and password, as well as other memorable information
such as their favorite film, book or destination.

"The reason for collecting this extra information is that cyber-crooks
can then access the user's email accounts or similar services which
often use these type of questions in the event that the user has
forgotten their password", explains Luis Corrons, technical director of
PandaLabs.

The information is encrypted and sent via HTTP POST to an external
server which saves all the data gathered.

Salita.AN is a virus with a malicious payload that prevents the computer
from functioning correctly. It stops Internet Explorer from working in
offline mode; it disables access to the Windows Registry and Task
Manager, and deactivates warnings from the "Windows Security Center". It
also deletes Windows Registry entries related with safe mode, to prevent
accessing the system in this way.

The virus spreads by copying itself to all system drives, USB devices
and shared drives.”
So there’s a new name to watch for, probably to fool Norton360 users into downloading their rubbish.
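
The Panda alert quoted above says Salita.AN disables the Task Manager and the Registry, silences Security Center warnings and deletes the safe mode entries. The following is an added example, not part of the original posts or of Panda's alert: a Python check over the text of a `reg export` file for those signs. The registry paths and value names are the standard Windows locations for these settings and are an assumption here, since the alert names none; the sample export is constructed.

```python
import re

# Standard Windows locations for the settings the alert describes. The alert
# names no registry keys, so these paths are this example's assumption.
POLICY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
SECCENTER = r"hkey_local_machine\software\microsoft\security center"
SAFEBOOT = r"hkey_local_machine\system\currentcontrolset\control\safeboot"
FLAGS = {  # (key, value name) -> finding when the DWORD is non-zero
    (POLICY, "disabletaskmgr"): "Task Manager disabled by policy",
    (POLICY, "disableregistrytools"): "Registry tools disabled by policy",
    (SECCENTER, "antivirusdisablenotify"): "Security Center antivirus warning off",
}

def parse_reg(text):
    """Parse .reg export text into {key: {value name: raw data}}, lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return keys

def find_tampering(text):
    """Return findings for an export that covers the keys above."""
    keys, findings = parse_reg(text), []
    for (key, name), message in FLAGS.items():
        data = keys.get(key, {}).get(name, "").lower()
        if data.startswith("dword:") and int(data[6:], 16) != 0:
            findings.append(message)
    for mode in ("minimal", "network"):
        branch = SAFEBOOT + "\\" + mode
        # A subkey such as ...\Minimal\AppMgmt shows the branch still exists.
        if not any(k == branch or k.startswith(branch + "\\") for k in keys):
            findings.append("Safe mode key missing: " + mode)
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"
'''
print(find_tampering(SAMPLE))
```

The safe mode check only means something when the export includes the SafeBoot branch; run against a partial export it will report the keys as missing.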