Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Rogue antivirus: a growing problem.


19 Nov 2009   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Rogue antivirus: a growing problem.

Quote:
During the past two years we've written many times about programs which pretend to be something that they are not. The most notorious are rogue antivirus solutions programs which display messages saying the victim machine is infected, even though it is not. These programs neither scan nor clean computers, and they are actually designed to persuade users that their computers are at risk and scare them into buying the "antivirus" product. Such programs are often referred to as "scareware": Kaspersky Lab classifies them as FraudTool, a subset of the RiskWare class.

FraudTool.Win32.SpywareProtect2009: the main window
Such programs are extremely widespread and are increasingly used by cybercriminals. Whereas Kaspersky Lab detected about 3,000 rogue antivirus programs in the first half of 2008, more than 20,000 samples were identified in the first half of 2009.
More -
Viruslist.com - Rogue antivirus: a growing problem

My System SpecsSystem Spec
.

20 Nov 2009   #2

Windows 7 Ultimate 64bit
 
 

I ran into 3 of those last night while searching google. The very first link I clicked on popped up a fake antivirus scan and then tried to download a file to my computer. The problem is getting very bad!
My System SpecsSystem Spec
20 Nov 2009   #3

 

Never install anything which isn't well known to you, simple.

If it's unfamiliar, and you're uncertain - Google it...
My System SpecsSystem Spec
.


20 Nov 2009   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

This stuff installs it'self .... you get it (if you're not properly secured) whether you want it or not!
My System SpecsSystem Spec
20 Nov 2009   #5

Windows 7 RTM
 
 

Quote   Quote: Originally Posted by Jacee View Post
This stuff installs it'self .... you get it (if you're not properly secured) whether you want it or not!
How does it execute without user consent?
My System SpecsSystem Spec
20 Nov 2009   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

"They are spread using the same methods use to distribute other malware: for instance, a Trojan-Downloader can secretly download such programs, or vulnerabilities in compromised/ infected sites can be exploited to perform a drive-by download." Viruslist.com - Rogue antivirus: a growing problem
My System SpecsSystem Spec
20 Nov 2009   #7

Windows 7 RTM
 
 

Quote   Quote: Originally Posted by Jacee View Post
"They are spread using the same methods use to distribute other malware: for instance, a Trojan-Downloader can secretly download such programs, or vulnerabilities in compromised/ infected sites can be exploited to perform a drive-by download." Viruslist.com - Rogue antivirus: a growing problem
Wow. That's scary, to be sure! Do drive-by downloads execute the downloaded programs automatically?

So, for instance, does this mean that if you view a trusted website that is unwittingly hosted malvertizement (i.e. compromised banner-ad on New York Times website a few weeks ago) you're done for? Is it impossible to prevent this kind of attack now, even from sites you trust?
My System SpecsSystem Spec
20 Nov 2009   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You want prevention before the fact .... You need a good Hosts file and and a program that prevents automatic Active X from downloading.
I use SpywareBlaster and SpywareGuard. Download and tutorials:
SpywareBlaster and SpywareGuard:
http://www.javacoolsoftware.com/products.html
Spyware Guard is a real-time malware scanner
SpywareBlaster tutorial:
http://www.bleepingcomputer.com/forums/Using_SpywareBlaster_to_protect_your_computer_from_Spyware_Hijackers_and_Malware-tut49.html
SpywareGuard tutorial:
http://www.bleepingcomputer.com/forums/Using_SpywareGuard_to_protect_your_computer_from_Spyware_and_Hijackers-tut50.html

You also need an active firewall program along with an updated antivirus and anti-spyware program.
My System SpecsSystem Spec
20 Nov 2009   #9

 

Installs itself my@r$e... the sort of product being talked about is something like, say, 'Anti-virus 2009' which fools unsuspecting users into clicking on it and installing the file they download... these type of things are most definitely not 'driveby' malware...
My System SpecsSystem Spec
20 Nov 2009   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Malicious code is inserted .... even if you click on the 'X' to close the pop-up window, a file has been dropped on the computer.
anti-virus rants: what is a drive-by download?

Virus Bulletin : Glossary - Drive-by download

One person mentioned to me that when a Rogue antivirus pop-up appeared on his machine, instead of closing it...he opened Task Manager and ended the process from there. We inspected his machine with a number of special malware tools and found that nothing malicious was installed. He was lucky!
My System SpecsSystem Spec
Reply

 Rogue antivirus: a growing problem.




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:50 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33