
Thread: Rogue AV/AS prolific

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    More "scareware"...

    FYI...

    More "scareware"...
    - http://www.f-secure.com/weblog/archives/00001508.html
    September 30, 2008 - "WinDefender 2008 is a rogue application. Rogues are also sometimes known as scareware... Looks sort of familiar, doesn't it? Do you recognize the shape of the box? The website creators appear to have "borrowed" a few things. Let's check out the legal disclaimer... From where else we can find really legal stuff? Spyware Rogue: Antivirus XP 2008... Oh, Antivirus XP 2008. That particular rogue is a huge pain in the… neck. The guys that produce this stuff are crooks and swindlers... Here's a tip: If they claim to be REALiable — they're probably FAKE..."
    (Screenshots available at the URL above.)

    - http://www.f-secure.com/weblog/archives/00001509.html
    October 1, 2008 - More rogue apps/screenshots...

    Last edited by AplusWebMaster; 2008-10-02 at 00:24. Reason: New F-secure blog entry...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    Adviser Team AplusWebMaster's Avatar

    Rogue AV tactics continue...

    FYI...

    - http://blog.trendmicro.com/rogue-av-...e-to-threaten/
    Oct. 2, 2008 - "October has just begun and Trend Micro threat researchers keep seeing more and more — slightly different, but yet increasingly more annoying — variations to the set of rogue AV infection signals... Fake BSOD (actually a screensaver) now sports a specific mention of the problem — an unregistered version of a certain AV product... even the fake reboot screen (also a screensaver) has text... malware criminals continue a “take no prisoners” approach to vandalizing PCs in their bid to convince victims to purchase bogus security software... Cybercriminals literally calling attention to themselves by using all visual means available to instill a sense of discomfort in users that may just be enough to get these users to fall for the act — an unfortunately common scare tactic... This variant is an ongoing iteration of the Antivirus 2009 campaign and is detected as TROJ_FAKEAV.SV..."

    (Screenshots available at the URL above.)


  3. #13
    Adviser Team AplusWebMaster's Avatar

    New rogue: Antivirus 2010...

    FYI...

    New rogue: Antivirus 2010
    - http://sunbeltblog.blogspot.com/2008...irus-2010.html
    October 09, 2008 - "Antivirus 2010 is a new rogue security product. This rogue is a clone evolved from IEdefender that begat XP Antivirus, that begat Antivirus 2008, that then begat Antispyware 2009... The rogue application uses the same old tricks to lure users into purchasing their worthless application... Fake Windows Security Center - Fake BSOD..."

    (Screenshots available at the URL above.)


  4. #14
    Adviser Team AplusWebMaster's Avatar

    More rogue AV tricks...

    FYI...

    More rogue AV tricks...
    - http://www.f-secure.com/weblog/archives/00001535.html
    November 10, 2008 - "We came across a rogue today called Antivirus Professional 2008 that uses GeoIP Lookup as part of its scare tactics. This site uses Flash and script to create the effect of an online scan, that then attempts to push an installer at the visitor. The NoScript extension* for Mozilla Firefox is an excellent way to mitigate against this kind of garbage... The "antivirus online scanner" site now uses the visitor's IP address to customize the so-called threat..."

    (Screenshots available at the URL above.)

    * https://addons.mozilla.org/en-US/firefox/addon/722


  5. #15
    Adviser Team AplusWebMaster's Avatar

    Search-and-Destroy Antispyware -rogue-

    FYI...

    - http://www.f-secure.com/weblog/archives/00001545.html
    November 21, 2008 - "Some rogue antivirus applications are overtly malicious. XP Antivirus 2008 and XP Antivirus 2009 have numerous affiliates utilizing rootkits and plenty of other nasty techniques in order to get themselves installed (and purchased). They're a real pain in the… neck. As an interesting aside – XP Antivirus 2008 and XP Antivirus 2009 are actually produced by two different gangs. Variants of one sometimes attempt to uninstall and disable the other...
    This is how the search-and-destroy .com site appears... The site just uses a simple Flash graphic for basic animation; there are no fake "scans" that attempt to scare the visitor. It's all very quiet, relying perhaps on its name. This application, search-and-destroy, should not of course be confused with Spybot Search & Destroy, a well known and respected antispyware application. We downloaded and tested the Search-and-Destroy Antispyware application. First it prompted a warning that there were zero risks. Then we performed the scan and there were 159 "problems" discovered. All 159 were not fixable in the trial version. Within the "malicious threats" that were discovered, were invalid shortcuts. True, the links were invalid, but that's hardly a threat. So we uninstalled the application, and it left behind a registry key... Within the "malicious threats" that were discovered, were invalid shortcuts... Typical. The scan warned us about invalid shorts, and then leaves behind an invalid registry key... Based on the IP address used when posting to our comments system, Mirando lives in New Delhi, India. We suspect that he's young and that these posts are early attempts at making money via an affiliate program..."

    (Screenshots available at the URL above.)


  6. #16
    Adviser Team AplusWebMaster's Avatar

    MSRT removes 994,061 rogues

    FYI...

    - http://preview.tinyurl.com/55b2hj
    November 19, 2008 - MS Malware Protection Center - "Win32/FakeSecSen* was added to MSRT November release ... We’ve since observed MSRT removing FakeSecSen from 994,061 distinct machines. Breakdown of these removals by regions is shown as below...
    Distinct Machines Cleaned:
    United States - 548,218
    United Kingdom - 74,343
    France - 47,581
    Germany - 43,347
    Netherlands - 28,724
    Spain - 23,027
    Italy - 18,453
    Australia - 16,287
    Canada - 16,180
    Sweden - 15,412
    Other - 162,489 ..."

    * http://www.microsoft.com/security/po...2%2fFakeSecSen
    Summary: Win32/FakeSecSen is a family of programs that claim to scan for malware and display fake warnings of “malicious programs and viruses”.


  7. #17
    Adviser Team AplusWebMaster's Avatar

    Lies, Fake AV, and Statistics

    FYI...

    - http://www.sophos.com/security/blog/2008/12/2069.html
    2 December 2008 - "Today we saw a hockey statistics website that had been compromised - it was redirecting via several hops to a fake anti-virus site detected as Mal/FakeAvJs-A... If you do go for their free scan, surprise surprise it finds malware on your computer. In fact there’s a config file on the site, telling you exactly what malware it’s going to find, and where... This wasn’t the only site we saw compromised like this today, the others pointing to the exact same fake anti-virus website after a number of hops, as if somebody had recently flicked a switch and set a number of websites redirecting in this manner..."

    (Screenshots available at the URL above.)


  8. #18
    Adviser Team AplusWebMaster's Avatar

    Rogue - Nano Antivirus...

    FYI...

    Nano Antivirus now making the rounds
    - http://sunbeltblog.blogspot.com/2008...ng-rounds.html
    December 02, 2008 - "A fresh rogue... variant of Pro Antispyware 2009*."

    * http://sunbeltblog.blogspot.com/2008...ware-2009.html
    October 22, 2008

    (Screenshots available at both URLs above.)


  9. #19
    Adviser Team AplusWebMaster's Avatar

    MSRT wipes 400,000 rogue AV clients

    FYI...

    - http://preview.tinyurl.com/ay4674
    December 24, 2008 (Computerworld) - "In the second month of a campaign against fake security software, Microsoft has booted the rogue application "Antivirus 2009" from almost 400,000 PCs, the company recently claimed. December's version of the Malicious Software Removal Tool (MSRT), a free utility that Microsoft pushes to Windows users as part of Patch Tuesday, targeted one of the most popular phony security apps, Antivirus 2009. According to Microsoft*, the MSRT erased the fake from over 394,000 PCs in the first nine days after it released this month's edition..."

    MSRT Review - Win32/FakeXPA and Win32/Yektel Rogues
    * http://preview.tinyurl.com/a4pku7
    (blogs.technet.com) - December 17, 2008

    > http://preview.tinyurl.com/6bb67
    MSRT v2.5 - 12/10/2008 - 7.4MB


  10. #20
    Adviser Team AplusWebMaster's Avatar

    More "Fake AV" Incarnations Making The Rounds

    FYI...

    More "Fake AV" Incarnations Making The Rounds
    - http://isc.sans.org/diary.html?storyid=5584
    Last Updated: 2008-12-30 01:39:49 UTC - "Using obfuscated javascript techniques, more "Fake Anti Virus" malware is continuing to present itself to unsuspecting Internet users - in the hopes of gaining an installation through the use of rather effective, social engineering methods. Some of the latest incarnations observed in the past 24 hours continue to maintain low levels of AV detection (less than 15% based on VirusTotal analysis)... In terms of propagation, getting a "hit" from this malware is as easy as entering a series of search terms on your favorite search engine, and unluckily picking a search result that delivers nothing more than the misleading introductory screen and fake anti-virus pop-up alerts (with their associated "D-level" English grammar). Should you unfortunately find yourself victim to this, remember to not click anywhere on the screen, but instead use "Task Manager - Applications" to terminate the victimized web browser session."

