Page 1 of 5 12345 LastLast
Results 1 to 10 of 86

Thread: Rogue AV/AS prolific

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Angry Rogue AV/AS prolific

    Arrgghh...

    - http://sunbeltblog.blogspot.com/2008...continues.html
    February 19, 2008 - "It was last week, on the 14th, that Ben Edelman* showed that C-NetMedia (not to be confused with CNET) was using highly deceptive advertising to lure people to its sites. It’s still going on, despite press on the matter.
    This morning, a search for SpyBot again shows C-NetMedia trying to trick people into thinking their site (spywarebot.com) is Spybot’s... And a search for Ad-Aware still has their ad for adwarealert.com. HIGHLY deceptive... (And we all know that many people will click on the first result, not fully understanding that it’s a sponsored link). Then, look what these crooks are doing with Microsoft Antispyware... I’m afraid it’s going to take the FTC to handle this one. Apparently the search engines aren’t self-policing on this one."
    (Screenshots available at the URL above.)

    -------------------------------------------------

    * http://www.benedelman.org/news/021408-1.html
    February 14, 2008 - "Not every "anti-spyware" program is what it claims to be. Some truly have users' interests at heart - identifying and removing bona fide risks to privacy, security, stability, or performance. Others resort to a variety of tricks to confuse users about what they're getting and why they purportedly need it. This article reports the results of my examination of anti-spyware software from C-NetMedia...
    > Deceptive advertising, deceptive product names, and deceptive web site designs falsely suggest affiliation with security industry leaders...
    > The use of many disjoint product names prevents consumers from easily learning more about C-Net, its reputation, and its practices...
    > High-pressure sales tactics, including false positives, overstate the urgency of paying for an upgraded version...
    Note that C-NetMedia is unrelated to the well-known technology news site CNET Networks..."
    (Screenshots available at the URL above.)

    Last edited by AplusWebMaster; 2009-09-30 at 14:24.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy MonaRonaDona and rogue Unigray

    FYI...

    - http://preview.tinyurl.com/2m8h33
    March 4, 2008 (Symantec Security Response Weblog) - "We have analysed samples of malware that is calling itself 'MonaRonaDona'... it seems the sole purpose of the malware is to prompt the user to enter the term "MonaRonaDona" into a search engine. This is an attempt to lead them to an application that can remove the unwelcome threat - a fix that has obviously been conveniently provided by the very people who created the virus in the first place. When the Trojan executes, it creates the file SRVSPOOL.EXE in the startup folder of all user accounts... Once the user enters the name 'MonaRonaDona' into an Internet search engine, some of the top search results will be the "fix" that the malware authors have - in all probability - also conveniently created in order to solve the problem... this is a scam and warn victims against downloading the Trojan author's application created to remove the malware, which they were charging US$39.90 for (the Unigray Web site was down at the time of writing). While the software does in fact remove the MonaRonaDona Trojan - it is the ONLY malware it removes, despite the fact that it (falsely) reports to have cleaned over 200 other threats..."
    (Screenshots available at the URL above.)


    Removal:
    > http://www.dslreports.com/forum/r200...RonaDona-virus
    2008-03-01


    - http://blog.trendmicro.com/the-art-d...-monaronadona/
    March 6, 2008 - "...Unconfirmed reports of initial infection happens when users click on a certain ad banner for Registry Clean Fix, a possible rogue program, to initiate stealth download of MonaRonaDona onto a system. The malware remains inactive (and impervious to detection) until users restart their systems.... Trend Micro advises users to refrain from clicking ad banners, which might lead to unexpected download of malicious files on a system or redirection to a malicious Web site. Trend Micro also implores users to be more wary of new social engineering techniques being practiced in the wild."
    Last edited by AplusWebMaster; 2008-03-06 at 19:29.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb

    VirusHeat... new coat - same color

    This link (from some good guys) shows you how the bad guys defraud users into getting whacked:
    http://www.sunbeltsoftware.com/ihs/alex/anymp3.htm (turn up your sound so you can hear it)

    ...just so you can see how deceitful it is. 'Guess we need a sign:

    "Use EXTREME CAUTION when clicking on search engine results".

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Another FAKE MS SPAM msg...

    FYI...

    Another fake MS spam
    - http://sunbeltblog.blogspot.com/2008...e-ms-spam.html
    July 15, 2008 - "...The file being pushed, free.exe, is an installer for Antivirus XP 2008, a nasty rogue antispyware program... SPAM has stopped just being a nuisance, and become a serious potential security threat..."

    (Screenshot available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Fake AV Trojans Ramping Up

    FYI...

    Fake AV Trojans Ramping Up
    - http://blog.trendmicro.com/fake-anti...ns-ramping-up/
    August 14, 2008 - "...new set of rogue antivirus software circulating in the wild. Based on initial analysis, these threats arrive mainly via spammed email messages that contain a link to a bogus celebrity video scandal, although we have also received reports that the said link is also circulating in instant messaging applications and private messages in social networking Web sites. Once the said URL link is clicked, the Web threat infection chain begins and ultimately leads to the downloading of a Trojan detected by Trend Micro as TROJ_FAKEAV.CX, a rogue antivirus that displays very convincing (and for some, alarming) messages... TROJ_FAKEAV.CX also drops another malware, detected as TROJ_RENOS.ACG. RENOS Trojans are known to have very visual payloads that may further alarm users (for example, they modify the system’s wallpaper and screensaver settings to display BSOD). Thus, users may be more convinced that something’s wrong with their system, not knowing that their new software is the one causing it. Rogue antispyware isn’t entirely new, although our researchers have been seeing an increase in activity for the past couple of months... Perhaps it’s because this is also the time of the year when the more legitimate security suites are releasing their latest software updates, and cybercriminals are riding on this season to ramp up their profits. Bad news for the infected users though, as their latest versions of “antivirus software” are actually adding more threats to their system..."

    (Screenshots available at the URL above.)

    Last edited by AplusWebMaster; 2008-08-15 at 12:18.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb XP Antivirus 2008 - Anatomy of a malware SCAM

    FYI...

    - http://www.theregister.co.uk/2008/08...ack/page8.html
    22 August 2008 - "...One can only wonder how many users have been duped into installing ineffective security software, and what happened to their private information and credit card data when they paid for it. The presence of such software, and the overall very high quality of the ruse it presents, is frightening. More than likely, thousands of people have been fooled. In fact, this type of deception has been around for several years now, and it would not still be here if it did not work well.
    This should serve as a dire warning to all: be extremely careful what you trust, and question everything that looks even remotely suspicious..."
    (Many screenshots shown in the article - well worth your time to review.)

    You may also want to visit TeMerc's site on this subject:
    - http://www.temerc.com/forums/viewtopic.php?f=26&t=5053

    ...and this tool: RogueRemover FREE (i.e.: XP Antivirus 2008, etc. - 444 different suspicious applications)
    > http://www.malwarebytes.org/rogueremover.php

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Angry

    FYI...

    Phish that bites back
    - http://www.secureworks.com/research/...at-bites-back/
    August 25th, 2008 - "We all get phishing emails. Some of us more than others, so it’s no surprise that sometimes people take out their frustrations on the phishing form, letting the phisher know just what they think of him or her... While it might make you feel better, it isn’t always a good idea. For instance, if you were to do this on a phishing page hosted by the Asprox botnet, you might get more than you bargained for. The Asprox phishing form backend has a bit of extra logic added to it. If the form looks like it has been filled out with legitimate data, you get redirected to the main page of the bank website. However, fill it out incompletely or use certain words like “phish” or NSFWUYAS (Not Safe For Work Unless You’re a Sailor) language, and your browser will be subjected to a number of exploits. If you are running Windows and haven’t recently installed your security updates and patched all your browser plugins/ActiveX controls, you might find yourself infected with your very own copy of Asprox. Not only do you then get the opportunity to unknowingly send phishing emails on behalf of the botnet, you will likely get some extra goodies, since Asprox is also a downloader trojan. You won’t notice it running, but you might notice some of the things it downloads and installs. For instance, you might find your desktop wallpaper changed to a “spyware alert” type of message, and now all your screensaver shows is scary blue-screens-of-death. Of course, if you’re familiar with the Windows desktop properties dialog, you can change all that back, right? Oops. the rogue antivirus program has removed that functionality for you... you’ll notice the lack of a “I disagree” or even a “close window” button at the top of the dialog (which can’t be minimized, and stays on top of all your other windows). So there’s no easy way to continue using your computer without clicking on the “Agree and install” button. But don’t worry, Antivirus XP 08 has already installed itself, whether you click through the license agreement or not... Of course, you’re not infected with everything this program says you are - it’s scareware, designed to get you to fork over $50 or $100 in order to clean your system of all these nasty threats. But it doesn’t actually detect or clean anything, especially not the Asprox bot you’re hosting now. And at any time, Asprox might deliver another malicious payload and install it for you - and it could be much worse: we’ve seen the Zbot banking trojan installed by Asprox in the past. So instead of a dealing with a nuisance program, you might be silently sending your banking and credit card information to the botnet owners. Something to think about before venting your frustrations on the bad guys. Sometimes phish bite back."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down XP Antivirus 2008 - now with exploits...

    FYI...

    XP Antivirus 2008 now with sploits, Google Adwords affected
    - http://sunbeltblog.blogspot.com/2008...h-sploits.html
    August 27, 2008 - "...problem of Google Adwords pushing Antivirus XP Antivirus 2008. The situation is still ongoing. However, it’s taken a turn for the worse, as these XP Antivirus pages are pushing exploits to install malware on the users system. This will also affect the many syndicators of Google Adwords... There are a variety of exploits being used, including setslice and an AOL IM exploit. Unusually, an exploit framework is not being used. Fully patched systems will not be affected by these exploits. The exploit attempts to install the following malicious file: huytegygle com/bin/ file.exe..."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Angry Rogue AV tactics continue...

    FYI...

    - http://blog.trendmicro.com/rogue-av-...e-to-threaten/
    Oct. 2, 2008 - "October has just begun and Trend Micro threat researchers keep seeing more and more — slightly different, but yet increasingly more annoying — variations to the set of rogue AV infection signals... Fake BSOD (actually a screensaver) now sports a specific mention of the problem — an unregistered version of a certain AV product... even the fake reboot screen (also a screensaver) has text... malware criminals continue a “take no prisoners” approach to vandalizing PCs in their bid to convince victims to purchase bogus security software... Cybercriminals literally calling attention to themselves by using all visual means available to instill a sense of discomfort in users that may just be enough to get these users to fall for the act — an unfortunately common scare tactic... This variant is an ongoing iteration of the Antivirus 2009 campaign and is detected as TROJ_FAKEAV.SV..."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Angry New rogue: Antivirus 2010...

    FYI...

    New rogue: Antivirus 2010
    - http://sunbeltblog.blogspot.com/2008...irus-2010.html
    October 09, 2008 - "Antivirus 2010 is a new rogue security product. This rogue is a clone evolved from IEdefender that begat XP Antivirus, that begat Antivirus 2008, that then begat Antispyware 2009... The rogue application uses the same old tricks to lure users into purchasing their worthless application... Fake Windows Security Center - Fake BSOD..."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •