Wednesday, December 2, 2009

Scareware updates

Here are some more scareware updates. These all look and act alike, but they go by different "names".



AntiAdd is a rogue anti-spyware program that is promoted through the use of Trojans that pretend to be video codecs or Flash updates that are required to watch an online video. When this Trojan is installed it will download and install AntiAdd onto your computer and then configure it to start automatically. This same Trojan will also create numerous files on your computer with random filenames that are then detected as malware when AntiAdd scans your computer. The program, though, will state that it will not remove these files until you first purchase it. This is obviously a scam, as the program detects the files it created in the first place in order to trick you into thinking there is actual malware on your computer. In reality, these files are harmless and do not pose any risk to your computer. Thus this program's scan results should be ignored.


The Trojan that installed AntiAdd will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that you're being attacked by a remote computer, or that you are sending sensitive data to a remote location. The titles of these alerts will be "Spyware Alert!", "Infiltration Alert!", or "Security Center Alert!". The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase AntiAdd to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.

As you can see, you should not purchase this program regardless of what it may state. If you have already purchased the program, then please contact your credit card company and dispute the charges.



KeepCop is a rogue anti-spyware program that is promoted through the use of Trojans that pretend to be video codecs or Flash updates that are required to watch an online video. When a user runs the Trojan it will download and install KeepCop onto your computer and configure it to start automatically. The same Trojan will also create numerous files in the C:\Windows and C:\Windows\System32 folders that are then detected as malware when KeepCop scans your computer. The program, though, will then state it will not remove these files until you first purchase it. This is obviously a scam, as the program creates the same files it will detect to try to trick you into thinking there is actual malware on your computer. The reality is that these files are harmless and do not pose any risk to your computer. Thus this program's scan results should be ignored.


The Trojan that installed KeepCop will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that you're being attacked by a remote computer, or that you are sending sensitive data to a remote location. The titles of these alerts will be "Spyware Alert!", "Infiltration Alert!", or "Security Center Alert!". The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase KeepCop to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.

As you can see, you should not purchase this program regardless of what it may state. If you have already purchased the program, then please contact your credit card company and dispute the charges.



REAnti is a rogue anti-spyware program that is promoted through the use of Trojans that pretend to be video codecs or Flash updates that are required to watch an online video. When this Trojan is installed it will download and install REAnti onto your computer and then configure it to start automatically. This same Trojan will also create numerous files on your computer with random filenames that are then detected as malware when REAnti scans your computer. The program, though, will state that it will not remove these files until you first purchase it. This is obviously a scam, as the program detects the files it created in the first place in order to trick you into thinking there is actual malware on your computer. In reality, these files are harmless and do not pose any risk to your computer. Thus this program's scan results should be ignored.


The Trojan that installed REAnti will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that you're being attacked by a remote computer, or that you are sending sensitive data to a remote location. The titles of these alerts will be "Spyware Alert!", "Infiltration Alert!", or "Security Center Alert!". The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase REAnti to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.

As you can see, you should not purchase this program regardless of what it may state. If you have already purchased the program, then please contact your credit card company and dispute the charges.



RESpyWare is a rogue anti-spyware program that is promoted through the use of Trojans that pretend to be video codecs or Flash updates that are required to watch an online video. When this Trojan is installed it will download and install RESpyWare onto your computer and then configure it to start automatically. This same Trojan will also create numerous files on your computer with random filenames that are then detected as malware when RESpyWare scans your computer. The program, though, will state that it will not remove these files until you first purchase it. This is obviously a scam, as the program detects the files it created in the first place in order to trick you into thinking there is actual malware on your computer. In reality, these files are harmless and do not pose any risk to your computer. Thus this program's scan results should be ignored.


The Trojan that installed RESpyWare will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that you're being attacked by a remote computer, or that you are sending sensitive data to a remote location. The titles of these alerts will be "Spyware Alert!", "Infiltration Alert!", or "Security Center Alert!". The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase RESpyWare to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.

As you can see, you should not purchase this program regardless of what it may state. If you have already purchased the program, then please contact your credit card company and dispute the charges.

****thanks BleepingComputer.com!****

Scareware updates

Additional screenshots and information on new scareware versions. Please keep in mind that these can result in serious damage to your computer as well as possible identity and banking information theft and even complete loss of control over your computer. If you see something similar to these pictures, please call a professional as soon as possible!



Additional Guard is a rogue anti-spyware program that is promoted through the use of fake online scanner sites and misleading advertisements. When this program is installed it will be configured to start automatically. The installer will also create numerous files on your computer that will then be detected as malware by Additional Guard when it scans your computer.

While Additional Guard is running you will also see a constant barrage of fake security alerts and warnings appear on your desktop. These warnings will state that a virus has been detected or that active malware is sending data on the Internet. Just like the scan results, these fake security alerts are just another method the program uses to trick you into thinking that you have a security problem.

Without a doubt, Additional Guard is a scam designed to trick you into purchasing the program to remove fake infections. It goes without saying that you should not purchase this program and if you already have, we suggest you contact your credit card company to dispute the charges.



Antivir is a rogue anti-spyware program that is promoted through the use of fake online anti-malware scanners. When browsing the web you may see a pop-up that states your computer is infected and that you should run an online anti-malware program to scan your computer for infections. If you click on this pop-up you will be brought to a site that shows an advertisement that pretends to be an online anti-malware scanner. At the end of the advertisement, it will state that your computer is infected and that you should download and install Antivir to protect yourself.

When Antivir is installed it will be configured to start automatically when Windows starts. Once started it will scan your computer and list numerous infections on your computer, but will not allow you to remove them until you purchase the program. The reality is that the infections it finds are legitimate programs that should not be deleted, as doing so may cause your computer to not run properly. Therefore, please do not purchase this program or act on any of the scan results that are shown.




Eco AntiVirus 2010 is a rogue anti-spyware program that is promoted through the use of fake online anti-malware scanners. When browsing the web, you may be shown a pop-up that states that your computer has security problems and that you should click OK to run an online anti-malware scanner. When you click on the OK button, you will be brought to a page that shows an advertisement that pretends to be an online scanner, that when finished, states your computer has various infections and that you should download and install Eco Antivirus 2010 to protect your computer. It is important to remember when you see pop-ups like these, that they are advertisements and they have no way of knowing what is running on your computer.

Once Eco AntiVirus 2010 is installed on your computer, it will be configured to run automatically and scan your computer. When the scan has finished it will state that you have numerous infections, but will not allow you to remove them until you first purchase the program. These infections, though, are all fake and do not exist on your computer or are legitimate programs it is stating are infections. Therefore, please do not act on these scan results as you may be deleting valid Windows files.

This program will also install an Internet Explorer Browser Helper Object that will hijack Internet Explorer. This hijack will display messages when you browse the web that state that the particular page may be a phishing site or that your computer has a security problem. All of these alerts, like the scan results, are fake and should be ignored.



Personal Security is a rogue anti-spyware program from the same family as Cyber Security. This program is promoted through the use of malware that will install it on your computer without your permission. In order to protect itself, this program will automatically attempt to terminate security programs that may help to remove it. When installed, Personal Security will be configured to start automatically when Windows starts. Once started, it will scan your computer and display a variety of infections, but will state that it will not remove them unless you first purchase the program. In reality, the infections it finds are either fake or legitimate programs that if deleted could cause problems with the proper operation of Windows. Therefore, please do not act upon any of the files it states are infections.

Personal Security also employs numerous methods to try to trick you into thinking you are infected. The first method is the display of a window that impersonates the legitimate Windows Security Center. The difference is that this fake version suggests you purchase Personal Security to protect yourself. The program will also display numerous security warnings on your computer stating that there is a security problem on the infected computer.

This program may also display a screen saver that pretends to be a Windows crash, or Blue Screen of Death, that states your computer is infected with the SPYWARE.MONSTER.FX_WILD_0x00000000 malware and that it crashed your computer. It then pretends to reboot your computer. Please remember that this is a screen saver and the crash and subsequent reboot are not real. Last, but not least, this program will hijack Internet Explorer so that it randomly displays a warning message when browsing the web.

Just like the scan results, all of these warning messages are fake and are only being shown to scare you into thinking that there is a security problem on your computer. Therefore, please ignore these warnings.



Enterprise Suite is a rogue anti-spyware program that is promoted through the use of fake online scanner sites and misleading advertisements. When this program is installed it will be configured to start automatically. The installer will also create numerous files on your computer that will then be detected as malware by Enterprise Suite when it scans your computer.

This method of creating the files that will be detected by the same program is becoming more and more common with rogues. They do this to substantiate the existence of supposed malware files even on machines that are completely clean. Therefore, please do not believe any of the scan results presented by this program.


While Enterprise Suite is running you will also see a constant barrage of fake security alerts and warnings appear on your desktop. These warnings will state that a virus has been detected or that active malware is sending data on the Internet. Just like the scan results, these fake security alerts are just another method the program uses to trick you into thinking that you have a security problem.

****thanks BleepingComputer.com!****

Monday, November 30, 2009

Malware Targeting Twilight Fans

PC Tools Malware Research Center announced that "Twilight" fans are now becoming targets of malware. The latest trick tempts movie fans by promising them they can watch the film for free, before installing malware on their computer.

Fans are being baited with a message that says they can watch the full movie "New Moon" online for free on websites, in chatrooms and on blogs. To make this scam more believable, they are even including comments from supposed viewers which give the online viewing a rave review.

However, after clicking on the 'movie player', users are told to run a 'streamviewer' which installs malware on their computers. This is the second malware scam targeting Twilight New Moon in a week. Last week, PC Tools warned that malicious websites that claim to feature interviews with the author of the books, Stephenie Meyer, were ranking high in a number of search engines.

Instead of providing a video clip of Meyer, those visiting the site were directed to a window informing them they were infected with malware and then encouraged to download an antivirus solution to clean their PC.

Wednesday, November 18, 2009

Malware updates

We promise to continue bringing you the latest updates on malware infections. Here is an update:

Enterprise Suite is a rogue anti-spyware program that is promoted through the use of fake online scanner sites and misleading advertisements. When this program is installed it will be configured to start automatically. The installer will also create numerous files on your computer that will then be detected as malware by Enterprise Suite when it scans your computer.



SecureKeeper is a rogue anti-spyware program from the Wini family. This rogue is promoted through the use of Trojans that pretend to be video codecs or Flash updates that are required to watch an online video. When a user runs the Trojan it will download and install SafeKeeper onto your computer and configure it to start automatically. The same Trojan will also create numerous files in the C:\Windows and C:\Windows\System32 folders that are then detected as malware when SafeKeeper scans your computer. The program, though, will then state it will not remove them until you first purchase it. This is obviously a scam, as the program creates the same files it will detect to try to trick you into thinking there is actual malware on your computer. The reality is that these files are harmless and do not pose any risk to your computer. Thus this program's scan results should be ignored.



Personal Protector is a rogue anti-spyware program that is promoted through fake online scanners and aggressive advertising. When installed, Personal Protector will be configured to start automatically. Once started it will scan your computer and state that there are a variety of infections on your computer, but will not remove them until you first purchase the program. In reality, these scan results are all fake or are legitimate programs being classified as infections. Therefore, please do not act upon any of the scan results that this program shows you as you may delete legitimate Windows files.




Control Center is a rogue computer optimization suite from the same family as Privacy Center. This program is promoted through the use of misleading web sites and fake online anti-malware scanners that state your computer has a problem. These sites will then prompt you to download and install Control Center to fix the problem on your computer. When the program is installed it will be configured to start automatically when Windows starts. Once running it will scan your computer and state that there are numerous problems with various components of Windows. If you try and see what these problems are, though, it will state that you need to purchase the program to see the results. In reality, the program is not finding any problems at all, but is just saying that they exist in order to trick you into purchasing the program.



****thanks BleepingComputer.com!****

Friday, November 13, 2009

Top Web Sites Are Spreading Malware

The old adage of only going to well-known websites has gone out the window! These days it seems it doesn't matter if you're looking at porn or recipes; you will still probably wind up with some sort of malware or virus on your computer.

Seventy percent of the top 100 Web sites either hosted malicious content or contained a link designed to redirect site visitors to a malicious Web site during the second half of 2008, claims Websense's report State of Internet Security, Q3-Q4, 2008.

We have been educating our customers for over a year now and letting them know that their computers were being infected through malicious ADS placed on legitimate websites, and now the security industry has finally caught up with us.

Ensuring that you maintain your antivirus software is simply not enough any more. Placing all your faith in antivirus software will leave you infected with malware and spyware.

During July and August of this year, independent test lab and product analyst firm NSS Labs conducted real-world tests of anti-virus and endpoint software suites against socially engineered, Web-based malware. And we know that's one of the most pressing, rapidly growing threats. Some counts have Web-based malware pegged as more than 50% of all malware delivered today.

The vendors tested included AVG, ESET, F-Secure, Kaspersky Labs, McAfee, Norman, Norton, Panda, and Trend Micro. The results were not very good. The lab conducted 17 days of 24x7 testing, with 59 separate test runs -- occurring every 8 hours. Each test used the most current version of the anti-malware application.

Trend Micro only managed to stop 91% of malware as the download to the test system was underway, as well as an additional 5.5% as it executed. That's a 96.5% success rate. The worst performer, according to NSS Labs' testing, ESET blocked only 65.4% of Web-based malware as it tried to download, and 2.5% as it tried to execute. That's a 67.9% success rate. All of the other vendors tested landed somewhere in between.

Thursday, November 12, 2009

Scareware list update

Here are some of the names and looks of recent scareware.

AntiMalware is a rogue application from the same family as Active Security. When this program is installed it will be configured to start automatically when you log into Windows. The installer will also attempt to uninstall anti-virus programs that it feels can potentially detect it and thus remove it. Though it displays the names of real infections, what AntiMalware is detecting does not actually exist on your computer. Therefore, do not be concerned by what the scan results of this program say.



AntiAID is a rogue anti-spyware program from the Wini family. This variant is slightly different from previous versions as it has changed its graphical user interface, or GUI. This rogue is advertised through Trojans that pretend to be video codecs or Flash updates that are required to watch an online movie. When a user runs the Trojan it will download and install AntiAID onto your computer and configure it to start automatically. The same Trojan will also create numerous files in the C:\Windows and C:\Windows\System32 folders that are then detected as malware when AntiAID scans your computer. The program, though, will then state it will not remove them until you first purchase it. This is obviously a scam, as the program creates the same files it will detect to try to trick you into thinking there is actual malware on your computer. The reality is that these files are harmless and do not pose any risk to your computer. Thus this program's scan results should be ignored.



SystemWarrior is a rogue anti-spyware program from the Wini family. This rogue is advertised through Trojans that pretend to be video codecs or Flash updates that are required to watch an online movie. When a user runs the Trojan it will download and install SystemWarrior onto your computer and configure it to start automatically. The same Trojan will also create numerous files in the C:\Windows and C:\Windows\System32 folders that are then detected as malware when SystemWarrior scans your computer. The program, though, will then state it will not remove them until you first purchase it. This is obviously a scam, as the program creates the same files it will detect to try to trick you into thinking there is actual malware on your computer. The reality is that these files are harmless and do not pose any risk to your computer. Thus this program's scan results should be ignored.


The same Trojan will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that you're being attacked by a remote computer, or that you are sending sensitive data to a remote location. The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase SystemWarrior to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.



MaCatte Antivirus 2009 is a rogue anti-spyware program that displays fake security alerts and scan results as a method to trick you into thinking you are infected. This program also attempts to emulate the legitimate McAfee anti-virus program by using a similar name and web site template. When installed, MaCatte Antivirus will be configured to start automatically when you boot up Windows. Once started, it will scan your computer and then display numerous infections, but will not remove them until you first purchase the program. The reality is that the scan results it shows are all fake and are only being shown to trick you into thinking you are infected so that you will then purchase the program. It goes without saying that you should not do this.



****thanks BleepingComputer.com!****

Saturday, October 31, 2009

Scareware - list of new names

We recently discovered a new resource to keep up with the new names all of the scareware are using. By scareware we mean the wonderful Antivirus 2009/2010 line of malware/spyware/viruses.

1. BlockWatcher is a rogue anti-spyware program that is promoted through the use of Trojans. These Trojans appear to be Flash updates or video codecs that are required to watch an online video. Once the Trojan is installed it will download and install BlockWatcher on to your computer. The installer will also create numerous files that will then be detected as malware when BlockWatcher scans your computer. When you try and remove the "infections" it finds in the scan results, BlockWatcher will state that you need to first purchase it before it will remove anything. This is a scam, because the "infections" that are found are harmless and cannot harm your computer.



2. Windows Enterprise Suite is a rogue that is advertised through the use of fake online anti-malware scanners. When visiting various sites you will be presented with a pop-up that states your computer is infected. If you click on the pop-up, you will be brought to a page that shows an advertisement pretending to be an online anti-malware scanner. When the advertisement is finished, it will state your computer is infected and that you should download and install Windows Enterprise Suite. When Windows Enterprise Suite is installed it will be configured to start automatically when you log in to Windows. The installer will also create numerous files on your computer that will then be detected as malware when Windows Enterprise Suite scans your computer.



3. Desktop Defender 2010 is a rogue security program from the Contraviro family. When installed this program will be configured to start automatically when Windows starts and will then create fake malware files that will be detected during the program's scans. Desktop Defender 2010 will not, though, remove any files that it states are malware until you first purchase the program. DO NOT attempt to purchase or use this scareware to remove any of the "infections" because you will be sending your credit card to cyber criminals and the files in question may be legitimate Windows files.




4. Volcano Security Suite is a rogue anti-spyware program from the Smart Virus Eliminator family. It is advertised through the use of fake online scanner pages that show an advertisement pretending to be an anti-malware scanner. When the advertisement finishes it will state that your computer is infected and that you should download Volcano Security Suite to protect your computer. Once downloaded and installed, Volcano Security Suite will be configured to automatically scan your computer when Windows starts and will also create numerous harmless files throughout your computer.




5. Windows System Defender is a rogue anti-spyware program that uses fake malware files and false scan detections to trick you into thinking that your computer is infected. After being installed, Windows System Defender will be configured to start automatically when Windows boots. The installer will also create numerous files on your computer that will then be detected as malware when the program scans your computer. If you try to remove these supposed infections with Windows System Defender it will state that you first need to purchase the program before it will do so. DO NOT attempt to purchase this as you will be sending your credit card information to cyber criminals.




6. Conflicker.B Spam Trojan - Cyber criminals are becoming more inventive with their viruses and this is a prime example of that. A new SPAM email is being distributed with an attachment that, when run, lowers the security of Internet Explorer and installs the rogue anti-spyware program called Antivirus Pro 2010 on to your computer. This SPAM pretends to be an email from Microsoft stating that a new version of Conficker has been released and that the included attachment, called install.zip, is a tool that can be used to scan and clean your computer of this infection. In reality this attachment is a Trojan that will harm the security of your computer. The current text of the SPAM message is:

Subject: Conflicker.B Infection Alert
Message:

Dear Microsoft Customer,

Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division


If you download the attachment and open the ZIP file, you will see a file called install.exe. When the install.exe file is run it will change your Internet Explorer security settings so that Internet Explorer will run files that are normally considered risky. It will also display a fake security warning in your taskbar that states Windows has detected an infection. The text of this warning is:

Your computer is infected!
Windows has detected spyware infection!
It is recomended to use special antispyware tools to pervent data loss.Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!

Finally, the Trojan will download and install the rogue anti-spyware program called Antivirus Pro 2010 onto your computer, which will then state that you have numerous infections running on your computer. Please ignore any warnings that Antivirus Pro 2010 displays on your computer as they are all false and are only being shown to convince you to purchase the program.
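The delivery pattern described in item 6 (mail posing as Microsoft, with install.zip containing install.exe) can be checked at the mail gateway before a user ever opens the archive. The following Python is an added example, not part of the original post; the function names, the sender address and the sample message are constructed for illustration, and only the subject, body phrases and attachment names come from the text above.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# File types Windows runs directly. A "scan tool" sent by mail has no
# legitimate reason to arrive as one of these, bare or inside an archive.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def executables_in_zip(data: bytes) -> list[str]:
    """List executable members of a ZIP held in memory; nothing is extracted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []


def inspect_message(raw: bytes) -> list[str]:
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    # Signal 1: the mail presents itself as Microsoft but the sender domain
    # is not microsoft.com. Weak on its own; useful next to signal 2.
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    claims_ms = "microsoft" in (display + " " + text).lower()
    is_ms = domain == "microsoft.com" or domain.endswith(".microsoft.com")
    if claims_ms and not is_ms:
        findings.append(f"claims to be Microsoft but was sent from {domain or 'unknown'}")

    # Signal 2: an executable attachment, or an archive that contains one.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXTS):
            findings.append(f"executable attachment {name}")
        if name.endswith(".zip") or payload[:2] == b"PK":
            for member in executables_in_zip(payload):
                findings.append(f"archive {name} contains executable {member}")
    return findings


def build_sample(member_name: str) -> bytes:
    """Constructed test message; the archive member is harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "Microsoft Windows Agent <agent@mail.example>"  # constructed sender
    msg["To"] = "user@example.org"
    msg["Subject"] = "Conflicker.B Infection Alert"
    msg.set_content("Dear Microsoft Customer,\n"
                    "Please install attached file to start the scan.\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="install.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in inspect_message(build_sample("install.exe")):
        print("FLAG:", finding)
```

A gateway would quarantine on the archive finding and use the sender mismatch only to raise the score, since plenty of legitimate mail mentions Microsoft.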



****thanks BleepingComputer.com!****