" />

Tech Geek and More

Technology Explained for All

AD IDrive Remote Backup

Tag Archives: Fake Anti-Virus

Alert: Another Fake Email install Rogue Software (From Panda Labs Blog)

     One of the biggest reasons why TechGeekandMore started came from how many customers I had (and still have) to visit every week to either clean Viruses of PC or (even worse) recover as many files as possible and then reinstall Windows.  I wanted a way a to try and alert and educate my customers about how …..

- No African Prince was going give you millions

- Emails that say that they are from a friend or family with that weird looking attachment could actually be fake

- Hot College Girl……well this one just really doesn’t have much beyond “Don’t do it”.

ETC ETC ETC…….

     In those lines a new email starting this week, that has only 1 goal, to trick you into downloading and installing some really nasty software (more of the fake antivirus software).  This new email says that “You have received a postcard”……

The following information comes from PANDALABS blog ( http://pandalabs.pandasecurity.com/the-thousand-faced-rogue/ (http://pandalabs NULL.pandasecurity NULL.com/the-thousand-faced-rogue/))

******************************************************************************************************************

The Thousand-Faced Rogue

Mar 5

  • Posted on 03/5/10 by Olaiz (http://pandalabs NULL.pandasecurity NULL.com/author/olaiz/)

We want to inform you of a new flood of email messages that seem to contain a postcard but are actually distributing malware. Concretely, we’ve seen several thousands in a few hours.

It’s not the first time we see emails like this in circulation, as subjects like “You’ve received a postcard” are very recurrent.

The message is like the following:

postcardzip_en

The message seems to have been sent by a member of your family through a legal website to download and send postcards, so that users don’t suspect. In order to view the postcard, you have to open the attached file. It’s a file compressed with zip and if you run it, a rogueware program will be installed in your computer, which is different depending on the message and the operating system you have.

The following are some of the names of the fake antivirus that can be installed in your computer if you run this file:

% Antispyware 2010

Antivirus % 2010

% Guardian 2010

% Guardian

% Defender 2010

% Antivirus

% Antivirus 2010

% Antivirus Pro

% Antivirus Pro 2010

% Internet Security

% Internet Security 2010

where % stands for the operating system of the computer in which it is going to be installed. Some examples: XPAntispyware2010, Vista Guardian, Win 7 Antivirus Pro.

Let’s take as an example Antivirus XP 2010 and see the actions it carries out once it has been installed in the computer.

As every rogueware, it starts scanning the system to check if the computer is infected.

Once finished, it displays a list with the malware that has detected in your computer to make you believe that you’ve got a problem and that this program will offer you the solution:

AntivirusXP2010

However, all the malware it has detected makes reference to unexisting files, so the only threat you have is the own rogue.

Additionally, it prevents the execution of programs whose window title makes reference to the following programs:

Internet Explorer

Firefox

Several security suites.

When you try to run any of these, a message is displayed informing you that these programs are infected and recommending you to install the fake antivirus to solve the problem.

The following image belongs to the message that is displayed when Firefox is run:

Firefox_infected

It also contains code to uninstall different security solutions. This way, the computer would be unprotected and the real antivirus programs could not detect it.

ALERT: Fake Antivirus software really adware meant to take your money $$$

pandalabs_security Story (and pictures) from the Panda Labs website (LINK: http://www.pandasecurity.com/emailhtml/oxygen/022809_ENG_in.htm (http://www NULL.pandasecurity NULL.com/emailhtml/oxygen/022809_ENG_in NULL.htm))

Anti-Virus-1: A new fake antivirus

Anti-Virus-1 is adware, specifically a "fake antivirus". As with all such adware, it is designed to simulate a scan of the computer, supposedly detecting thousands of strains of (non-existent) malware. The end aim is to sell users a pay version of the fake antivirus in order to eliminate the threats.

When run, this adware warns the user that the computer is not protected. The main screen displayed (http://www NULL.flickr NULL.com/photos/panda_security/3313653378/) is a spoof of the Window Security Center

3313653378_e9307e88f8

It then pretends to scan the system for malware (http://www NULL.flickr NULL.com/photos/panda_security/3313653384/). If users do not immediately take the bait and buy the pay version of the fake antivirus, the malicious code will sporadically display a message reminding the user that the computer is infected (http://www NULL.flickr NULL.com/photos/panda_security/3313653386/)

3313653386_d7d2477df1

In warning messages, and after the fake scan, a link is provided from which users can download the fake antivirus. Anyone clicking on the link will be redirected to a page like this (http://www NULL.flickr NULL.com/photos/panda_security/3313653390/).

3313653390_a9554b8264

Additionally, when infected users visit certain Web pages with comparative reviews of antivirus products, there will be redirected to a spoof page showing a review of an ‘antivirus’, called Antivirus2010, with functions and characteristics similar to Anti-Virus-1.

"By doing this, cyber-crooks hope that users will download this adware on their own initiative. This makes it far less likely that users will suspect that they have been infected and consequently more likely that they will buy the fake antivirus", explains Luis Corrons, Technical Director of Panda Labs.

Ads by Google

View in: Mobile | Standard