| Windows 7: Rogue antivirus: a growing problem. |
19 Nov 2009
|
#1 | | Win 7 Ultimate 64-bit. SP1. |
Rogue antivirus: a growing problem.

Quote: During the past two years we've written many times about programs which pretend to be something that they are not. The most notorious are rogue antivirus solutions – programs which display messages saying the victim machine is infected, even though it is not. These programs neither scan nor clean computers, and they are actually designed to persuade users that their computers are at risk and scare them into buying the "antivirus" product. Such programs are often referred to as "scareware": Kaspersky Lab classifies them as FraudTool, a subset of the RiskWare class.

[Image: FraudTool.Win32.SpywareProtect2009: the main window]

Such programs are extremely widespread and are increasingly used by cybercriminals. Whereas Kaspersky Lab detected about 3,000 rogue antivirus programs in the first half of 2008, more than 20,000 samples were identified in the first half of 2009.

More - Viruslist.com - Rogue antivirus: a growing problem
20 Nov 2009
|
#2 | | |
I ran into 3 of those last night while searching Google. The very first link I clicked on popped up a fake antivirus scan and then tried to download a file to my computer. The problem is getting very bad!
20 Nov 2009
|
#3 | | W7 x64 3rd Rock from the Sun |
Never install anything which isn't well known to you, simple.
If it's unfamiliar, and you're uncertain - Google it...
20 Nov 2009
|
#4 | | Windows 7 Ultimate 32bit SP1 |
This stuff installs itself .... you get it (if you're not properly secured) whether you want it or not!
20 Nov 2009
|
#5 | | |

Quote: Originally Posted by Jacee
This stuff installs itself .... you get it (if you're not properly secured) whether you want it or not!

How does it execute without user consent?
20 Nov 2009
|
#6 | | Windows 7 Ultimate 32bit SP1 |
"They are spread using the same methods used to distribute other malware: for instance, a Trojan-Downloader can secretly download such programs, or vulnerabilities in compromised/infected sites can be exploited to perform a drive-by download."
Viruslist.com - Rogue antivirus: a growing problem
20 Nov 2009
|
#7 | | |

Quote: Originally Posted by Jacee
"They are spread using the same methods used to distribute other malware: for instance, a Trojan-Downloader can secretly download such programs, or vulnerabilities in compromised/infected sites can be exploited to perform a drive-by download." Viruslist.com - Rogue antivirus: a growing problem

Wow. That's scary, to be sure! Do drive-by downloads execute the downloaded programs automatically?
So, for instance, does this mean that if you view a trusted website that is unwittingly hosting a malvertisement (i.e. a compromised banner ad on the New York Times website a few weeks ago) you're done for? Is it impossible to prevent this kind of attack now, even from sites you trust?
20 Nov 2009
|
#9 | | W7 x64 3rd Rock from the Sun |
Installs itself my@r$e... the sort of product being talked about is something like, say, 'Anti-virus 2009' which fools unsuspecting users into clicking on it and installing the file they download... these types of things are most definitely not 'driveby' malware...
20 Nov 2009
|
#10 | | Windows 7 Ultimate 32bit SP1 |
Malicious code is inserted .... even if you click on the 'X' to close the pop-up window, a file has been dropped on the computer.
anti-virus rants: what is a drive-by download?
Virus Bulletin : Glossary - Drive-by download
One person mentioned to me that when a Rogue antivirus pop-up appeared on his machine, instead of closing it...he opened Task Manager and ended the process from there. We inspected his machine with a number of special malware tools and found that nothing malicious was installed. He was lucky!