New
#1
I ran into 3 of those last night while searching google. The very first link I clicked on popped up a fake antivirus scan and then tried to download a file to my computer. The problem is getting very bad!
More -During the past two years we've written many times about programs which pretend to be something that they are not. The most notorious are rogue antivirus solutions – programs which display messages saying the victim machine is infected, even though it is not. These programs neither scan nor clean computers, and they are actually designed to persuade users that their computers are at risk and scare them into buying the "antivirus" product. Such programs are often referred to as "scareware": Kaspersky Lab classifies them as FraudTool, a subset of the RiskWare class.
Such programs are extremely widespread and are increasingly used by cybercriminals. Whereas Kaspersky Lab detected about 3,000 rogue antivirus programs in the first half of 2008, more than 20,000 samples were identified in the first half of 2009.
Viruslist.com - Rogue antivirus: a growing problem
I ran into 3 of those last night while searching google. The very first link I clicked on popped up a fake antivirus scan and then tried to download a file to my computer. The problem is getting very bad!
Never install anything which isn't well known to you, simple.
If it's unfamiliar, and you're uncertain - Google it...
This stuff installs it'self .... you get it (if you're not properly secured) whether you want it or not!
"They are spread using the same methods use to distribute other malware: for instance, a Trojan-Downloader can secretly download such programs, or vulnerabilities in compromised/ infected sites can be exploited to perform a drive-by download." Viruslist.com - Rogue antivirus: a growing problem
Wow. That's scary, to be sure! Do drive-by downloads execute the downloaded programs automatically?
So, for instance, does this mean that if you view a trusted website that is unwittingly hosted malvertizement (i.e. compromised banner-ad on New York Times website a few weeks ago) you're done for? Is it impossible to prevent this kind of attack now, even from sites you trust?
You want prevention before the fact .... You need a good Hosts file and and a program that prevents automatic Active X from downloading.
I use SpywareBlaster and SpywareGuard. Download and tutorials:
SpywareBlaster and SpywareGuard:
http://www.javacoolsoftware.com/products.html
Spyware Guard is a real-time malware scanner
SpywareBlaster tutorial:
http://www.bleepingcomputer.com/forums/Using_SpywareBlaster_to_protect_your_computer_from_Spyware_Hijackers_and_Malware-tut49.html
SpywareGuard tutorial:
http://www.bleepingcomputer.com/forums/Using_SpywareGuard_to_protect_your_computer_from_Spyware_and_Hijackers-tut50.html
You also need an active firewall program along with an updated antivirus and anti-spyware program.
Installs itself my@r$e... the sort of product being talked about is something like, say, 'Anti-virus 2009' which fools unsuspecting users into clicking on it and installing the file they download... these type of things are most definitely not 'driveby' malware...
Malicious code is inserted .... even if you click on the 'X' to close the pop-up window, a file has been dropped on the computer.
anti-virus rants: what is a drive-by download?
Virus Bulletin : Glossary - Drive-by download
One person mentioned to me that when a Rogue antivirus pop-up appeared on his machine, instead of closing it...he opened Task Manager and ended the process from there. We inspected his machine with a number of special malware tools and found that nothing malicious was installed. He was lucky!