The old adage of only going to well-known websites has gone out the window! These days it seems it doesn't matter if you're looking at porn or recipes; you will still probably wind up with some sort of malware or virus on your computer.
Seventy percent of the top 100 Web sites either hosted malicious content or contained a link designed to redirect site visitors to a malicious Web site during the second half of 2008, claims Websense's report State of Internet Security, Q3-Q4, 2008.
We have been educating our customers for over a year now and letting them know that their computers were being infected through malicious ads placed on legitimate websites, and now the security industry has finally caught up with us.
Ensuring that you maintain your antivirus software is simply not enough any more. Placing all your faith in antivirus software will leave you infected with malware and spyware.
During July and August of this year, independent test lab and product analyst firm NSS Labs conducted real-world tests of anti-virus and endpoint software suites against socially engineered, Web-based malware. And we know that's one of the most pressing, rapidly growing threats. Some counts have Web-based malware pegged as more than 50% of all malware delivered today.
The vendors tested included AVG, ESET, F-Secure, Kaspersky Labs, McAfee, Norman, Norton, Panda, and Trend Micro. The results were not very good. The lab conducted 17 days of 24x7 testing, with 59 separate test runs -- occurring every 8 hours. Each test used the most current version of the anti-malware application.
Trend Micro only managed to stop 91% of malware as the download to the test system was underway, as well as an additional 5.5% as it executed. That's a 96.5% success rate. The worst performer, according to NSS Labs' testing, ESET, blocked only 65.4% of Web-based malware as it tried to download, and 2.5% as it tried to execute. That's a 67.9% success rate. All of the other vendors tested landed somewhere in between.
Friday, November 13, 2009
Thursday, November 12, 2009
Scareware list update
Here are some of the names and looks of recent scareware.
AntiMalware is a rogue application from the same family as Active Security. When this program is installed it will be configured to start automatically when you log into Windows. The installer will also attempt to uninstall anti-virus programs that it feels can potentially detect it and thus remove it. Though it displays the names of real infections, what AntiMalware is detecting does not actually exist on your computer. Therefore, do not be concerned by what the scan results of this program say.

AntiAID is a rogue anti-spyware program from the Wini family. This variant is slightly different than previous versions as it has changed its graphical user interface, or GUI. This rogue is advertised through Trojans that pretend to be video codecs or flash updates that are required to watch an online movie. When a user runs the Trojan it will download and install AntiAID onto your computer and configure it to start automatically. The same Trojan will also create numerous files in the C:\Windows and C:\Windows\System32 folder that are then detected as malware when AntiAID scans your computer. The program, though, will then state it will not remove them until you first purchase it. This is obviously a scam as the program creates the same files it will detect to try and trick you into thinking there is actual malware on your computer. The reality is that these files are harmless and do not pose any risk to your computer. Thus this program's scan results should be ignored.

SystemWarrior is a rogue anti-spyware program from the Wini family. This rogue is advertised through Trojans that pretend to be video codecs or flash updates that are required to watch an online movie. When a user runs the Trojan it will download and install SystemWarrior onto your computer and configure it to start automatically. The same Trojan will also create numerous files in the C:\Windows and C:\Windows\System32 folder that are then detected as malware when SystemWarrior scans your computer. The program, though, will then state it will not remove them until you first purchase it. This is obviously a scam as the program creates the same files it will detect to try and trick you into thinking there is actual malware on your computer. The reality is that these files are harmless and do not pose any risk to your computer. Thus this program's scan results should be ignored.
The same Trojan will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that you're being attacked by a remote computer, or that you are sending sensitive data to a remote location. The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase SystemWarrior to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.

MaCatte Antivirus 2009 is a rogue anti-spyware program that displays fake security alerts and scan results as a method to trick you into thinking you are infected. This program also attempts to emulate the legitimate McAfee anti-virus program by using a similar name and web site template. When installed, MaCatte Antivirus will be configured to start automatically when you boot up Windows. Once started, it will scan your computer and then display numerous infections, but will not remove them until you first purchase the program. The reality is that the scan results it shows are all fake and are only being shown to trick you into thinking you are infected so that you will then purchase the program. It goes without saying that you should not do this.
Saturday, October 31, 2009
Scareware - list of new names
We recently discovered a new resource to keep up with the new names all of the scareware are using. By scareware we mean the wonderful Antivirus 2009/2010 line of malware/spyware/viruses.
1. BlockWatcher is a rogue anti-spyware program that is promoted through the use of Trojans. These Trojans appear to be Flash updates or video codecs that are required to watch an online video. Once the Trojan is installed it will download and install BlockWatcher on to your computer. The installer will also create numerous files that will then be detected as malware when BlockWatcher scans your computer. When you try and remove the "infections" it finds in the scan results, BlockWatcher will state that you need to first purchase it before it will remove anything. This is a scam, because the "infections" that are found are harmless and cannot harm your computer.

2. Windows Enterprise Suite is a rogue that is advertised through the use of fake online anti-malware scanners. When visiting various sites you will be presented with a pop-up that states your computer is infected. If you click on the pop-up, you will be brought to a page that shows an advertisement pretending to be an online anti-malware scanner. When the advertisement is finished, it will state your computer is infected and that you should download and install Windows Enterprise Suite. When Windows Enterprise Suite is installed it will be configured to start automatically when you log in to Windows. The installer will also create numerous files on your computer that will then be detected as malware when Windows Enterprise Suite scans your computer.

3. Desktop Defender 2010 is a rogue security program from the Contraviro family. When installed this program will be configured to start automatically when Windows starts and will then create fake malware files that will be detected during the program's scans. Desktop Defender 2010 will not, though, remove any files that it states are malware until you first purchase the program. DO NOT attempt to purchase or use this scareware to remove any of the "infections" because you will be sending your credit card to cyber criminals and the files in question may be legitimate Windows files.

4. Volcano Security Suite is a rogue anti-spyware program from the Smart Virus Eliminator family. It is advertised through the use of fake online scanner pages that show an advertisement pretending to be an anti-malware scanner. When the advertisement finishes it will state that your computer is infected and that you should download Volcano Security Suite to protect your computer. Once downloaded and installed, Volcano Security Suite will be configured to automatically scan your computer when Windows starts and will also create numerous harmless files throughout your computer.

5. Windows System Defender is a rogue anti-spyware program that uses fake malware files and false scan detections to trick you into thinking that your computer is infected. After being installed, Windows System Defender will be configured to start automatically when Windows boots. The installer will also create numerous files on your computer that will then be detected as malware when the program scans your computer. If you try to remove these supposed infections with Windows System Defender it will state that you first need to purchase the program before it will do so. DO NOT attempt to purchase this as you will be sending your credit card information to cyber criminals.

6. Conflicker.B Spam Trojan - Cyber criminals are becoming more inventive with their viruses and this is a prime example of that. This is seen with a new SPAM email that is being distributed that contains an attachment that, when run, lowers the security of Internet Explorer and installs the rogue anti-spyware program called Antivirus Pro 2010 on to your computer. This SPAM pretends to be an email from Microsoft where they state that a new version of Conficker has been released and that the included attachment, called install.zip, is a tool that can be used to scan and clean your computer of this infection. In reality this attachment is a Trojan that will harm the security of your computer. The current text of the SPAM message is:
Subject: Conflicker.B Infection Alert
Message:
Dear Microsoft Customer,
Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.
To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division
If you download the attachment and open the ZIP file, you will see a file called install.exe. When the install.exe file is run it will change your Internet Explorer security settings so that Internet Explorer will run files that are normally considered risky. It will also display a fake security warning in your taskbar that states Windows has detected an infection. The text of this warning is:
Your computer is infected!
Windows has detected spyware infection!
It is recomended to use special antispyware tools to pervent data loss.Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!
Finally, the Trojan will download and install the rogue anti-spyware program called Antivirus Pro 2010 onto your computer, which will then state that you have numerous infections running on your computer. Please ignore any warnings that Antivirus Pro 2010 displays on your computer as they are all false and are only being shown to convince you to purchase the program.
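A mail-gateway style check for the lure described in item 6, written as an added example (not code from the original post): it flags a message whose display name claims Microsoft while the sending domain is not Microsoft's, and any ZIP attachment holding a Windows executable, judged by extension or by the `MZ` header. The sender address, recipient and placeholder member bytes in the sample are constructed, and the function names are hypothetical.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows runs directly when the user double-clicks the file.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def risky_zip_members(data):
    """Return names of ZIP members that look like Windows executables."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename.lower())[1]
            try:
                with archive.open(info) as member:
                    magic = member.read(2)  # header only, never the whole member
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                magic = b""  # encrypted or unsupported member: rely on the name
            if ext in EXECUTABLE_EXTS or magic == b"MZ":
                hits.append(info.filename)
    return hits


def inspect_message(raw, brand="microsoft", brand_domains=("microsoft.com",)):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    display, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    owned = any(domain == d or domain.endswith("." + d) for d in brand_domains)
    if brand in display.lower() and not owned:
        findings.append(f"sender display name claims {brand} but domain is {domain}")
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"PK":  # identify ZIPs by content, not by file name
            for name in risky_zip_members(payload):
                findings.append(f"executable {name} inside {part.get_filename()}")
    return findings


def build_sample(sender, subject, zip_name, member_name, member_data):
    """Build a constructed test message carrying one ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_data)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("Please install attached file to start the scan.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()


# Constructed samples: the sender address is invented, and the member is a
# 64-byte placeholder that only starts with the "MZ" marker.
LURE = build_sample("Microsoft Windows Agent <agent@mail.example.net>",
                    "Conflicker.B Infection Alert",
                    "install.zip", "install.exe", b"MZ" + b"\x00" * 62)
BENIGN = build_sample("Alice <alice@example.org>", "Meeting notes",
                      "notes.zip", "notes.txt", b"agenda")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("benign", BENIGN)):
        print(label, inspect_message(raw))
```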
Wednesday, October 21, 2009
Think Again If You Think Your Banking Info Is Safe!
With scareware infections on the rise, more and more people are finding their private banking information has been compromised. With an estimated 485,000 different takes on the Antivirus scareware in just the first six months of 2009, the number of infected computers has grown as well.
More than half (54 per cent) or 11.9 million of the computers scanned by Panda Security, which contributed to APWG's report, were infected with some form of malware. Banking trojan infections detected by the group almost tripled (up 186 per cent) between Q4 2008 and Q2 2009.
Antivirus Scareware Shows Up In Google For Skype
Well, it's finally happened. The makers of the "Antivirus" strain of malware are now using Skype to spread their crap.
Malicious links have been found on Google, and Skype has joined the ranks of the malicious manipulated search results. Sean-Paul Correll, a security researcher at Panda Security, explains that under its latest guise, scareware scams appear as spam messages sent to personal Skype accounts.
The message appears to come from an account called "Online Notification" and claims to have discovered an "infection" on your computer. Once the link is clicked for "more information" the unsuspecting user is taken to a fake anti-virus scan which indicates the computer is infested with viruses and the program must be "purchased" to remove them.
Panda has detected one strain that completely disables applications on a compromised PC except the rogueware utility and IE. Once it's "purchased" the applications are re-enabled. Users that follow tainted search results on to a compromised website will be re-directed to the scareware.
Google has established a custom search page - www.anti-malvertising.com - designed to assist customers of ad networks to uncover possible attempts to distribute malware through advertising, a concern highlighted by the recent New York Times rogueware attack. Security researchers from the search engine have also become active participants in closed mailing lists discussing scareware and the wider cybercrime problem.
Saturday, October 17, 2009
Fake Antivirus Software Has Far Reaching Implications
We've been posting about the Antivirus 2009/2010 malware for some time now and we would like to give you an example of exactly what it does on the "back end". You, the user, experience computer slowdown or the "blue screen of death", annoying pop-ups telling you to buy the fake program, inability to access certain items or to get online. What you may not know is that by continuing to try and use the infected computer, you are not only causing more damage to your computer but you are helping to further the fraud that this program is designed to commit.
It was recently reported that Google is one of many sites that are literally being "robbed" by this malware infection. There is a ring of these infected computers (also known as a botnet) and in layman's terms they are being remotely controlled and used to commit crimes on the internet.
The botnet relies on malware distributed through fake antivirus scams to take over more computers. Compromised PCs have their DNS settings secretly changed, an attack known as DNS poisoning. Thereafter, attempts to reach, say Google.com, on a compromised computer lead to a fake Google site that presents ads from which Google derives no benefit. When accessing one of these fake search pages, if you click on one of the links you are actually redirected to a third party website which is then given credit for your click.
A report released by the Anti-Phishing Working Group indicates a tremendous increase in the number of fake antivirus infected computers; a jump of 585% between January and June of 2009. "The Internet has never been more dangerous," said APWG Chairman David Jevans in a statement.
The report also indicates that cybercriminals have been using the LuckySploit cybercrime toolkit to compromise legitimate Web sites to infect the computers of Web site visitors.
In addition, during the first half of 2009, the number of computer users affected by malware engineered to steal personal information has risen by 600% compared to the January through June period in 2008, according to PandaLabs, part of computer security company Panda Security. Panda reports identifying 391,406 computers infected with identity-theft malware in the first six months of the year.
New Versions of Antispyware keep coming
We have continued to see new "versions" of the antivirus malware/spyware infection and its creators are getting more and more creative. We removed a fake program called Cyber Security Antivirus 2009 last night and here's a picture of it.

If you start seeing strange pop-ups from a program you never installed and it says your computer has thousands of viruses then GIVE US A CALL! We offer same day service in most cases and our flat rates for removal are just $60 for in home service and only $40 if you drop it off with us.
We also perform general repairs such as replacing/installing hardware, software install and troubleshooting, email client set up, home wireless router set up and security, complete internal cleaning and maintenance, custom built computers.
