Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: New Worm Leading to Rogue AV Is Spreading on Twitter


22 Jan 2011   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
New Worm Leading to Rogue AV Is Spreading on Twitter

Quote:

Security researchers from Kaspersky Lab warn that a new worm rapidly spreading on Twitter spams rogue goo.gl URLs that direct users to fake antivirus distribution sites.

The spammed links take users through a series of redirects until landing them on an obfuscated scareware attack page.

According to Kaspersky Lab's Nicolas Brulez, the obfuscation is based on a JavaScript implementation of the RSA encryption algorithm.

"RSA is used as an obfuscation technique more frequently than any other, since the private key is available in the JavaScript page. The modulus 'N' seems to be 26 bits in length most of the time, which is ridiculously small," the researcher notes.

The fake AV variant served in this attack is called "Security Shield" and one interesting aspect about it is that its graphical user interface is localized depending on the language of the operating system.
New Worm Leading to Rogue AV Is Spreading on Twitter - Softpedia

My System SpecsSystem Spec
.

22 Jan 2011   #2

Windows 8.1 Pro
 
 

This is why I don't let stuff from the internet do system scans of my system. This is where you also need to know what your system is doing as well as its health. If I run into a page that tells me I have a virus or my system appears to be faulty, I close that page immediately as I know it's a fake because I know where my system is. If I have doubts, I don't my own scans/diagnoses using my own tools or those provided by Windows.

In short if you know your system and know what it's doing these fakes are easy to spot.
My System SpecsSystem Spec
22 Jan 2011   #3
JMH

Win 7 Ultimate 64-bit. SP1.
 
 

Of course.
Not everyone has our knowledge, discipline or experience.
{Often negative experiences are the best "teachers."}
My System SpecsSystem Spec
.


22 Jan 2011   #4

Windows 8.1 Pro
 
 

Quote   Quote: Originally Posted by JMH View Post
{Often negative experiences are the best "teachers."}
Yeah, unfortunately thatís how viruses and other nefarious things spread
My System SpecsSystem Spec
22 Jan 2011   #5

 
 

Scan finished. 9 out of 19 scanners reported malware - MD5: bae499fc5844d814f942e870900c9d57 - pack.exe - Jotti's malware scan

New Worm Leading to Rogue AV Is Spreading on Twitter-sec.jpg


My System SpecsSystem Spec
22 Jan 2011   #6

Windows 8.1 Pro
 
 

I'm sorry but I’m a little reluctant to click that link. What is it? - virusscan.jotti.org

Looks like a scan website to me.... something to which I said I avoid.

Thanks.
My System SpecsSystem Spec
22 Jan 2011   #7
JMH

Win 7 Ultimate 64-bit. SP1.
 
 

Belt & braces there Andrew?

Tis best to be wary.
My System SpecsSystem Spec
22 Jan 2011   #8

Windows 8.1 Pro
 
 

Can never be too careful

I'm adventurous but....
My System SpecsSystem Spec
22 Jan 2011   #9

 
 

Quote   Quote: Originally Posted by sygnus21 View Post
I'm sorry but Iím a little reluctant to click that link. What is it? - virusscan.jotti.org

Looks like a scan website to me.... something to which I said I avoid.

Thanks.
When Virus Total is down then Jottis is an alternative. Not as many engines as VT but better than nothing.

And what do you mean by "avoid". Do you advise to avoid VT as well and why?
My System SpecsSystem Spec
22 Jan 2011   #10

Microsoft Community Contributor Award Recipient

Windows 7 x64
 
 

I actually just removed this from a neighbor's system a couple of days ago, couldn't for the life of me figure out where he picked it up though. ...didn't see twitter in his history. Malwarebytes + safe mode with networking took it right out with latest update though.
My System SpecsSystem Spec
Reply

 New Worm Leading to Rogue AV Is Spreading on Twitter




Thread Tools



Similar help and support threads for2: New Worm Leading to Rogue AV Is Spreading on Twitter
Thread Forum
Recovery was deleted now leading nowhere General Discussion
Info-stealing Dorkbot worm spreading on Facebook Security News
New Facebook worm spreading Security News
Twitter worm hits goo.gl, redirects to fake anti-virus Security News
Malware Watch: This week's spreading scareware System Security
Clampi virus spreading across UK and US PCs System Security
Koobface Worm Comes To Twitter News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 07:03 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33