News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected

Topic: Rogue anti-virus, anti-spyware, scareware, etc...  (Read 46478 times)
« Reply #60 on: May 20, 2011, 05:43:24 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

Mac Fake AV...
- http://news.cnet.com/8301-27080_3-20064394-245.html
May 19, 2011 - "Macintosh users are being targeted with malware that poses as an antivirus warning and tries to trick people into paying for software they don't need. This ruse isn't new. So-called rogue antivirus has been hitting Windows machines for years. But this is the first time this type of malware has been written to target the much smaller Mac market... Mac Defender, also known as Mac Security and Mac Protector, is a fake antivirus program that is designed to scare people into thinking that their computers are infected with malware..."

- http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antivirus/

- http://download.cnet.com/8301-2007_4-20064445-12.html
May 19, 2011 - "... On any platform, rogue antivirus programs are resistant to standard program removal procedures. This means you can't just drag one to the trash..."
(More detail on removal procedures at the above URL.)
___

- http://www.h-online.com/security/news/item/Mac-scareware-becomes-more-visible-Update-1246693.html
20 May 2011 - "... Users of the Safari web browser should disable automatic file opening in Safari (Preferences -> General and uncheck "Open 'safe' files after downloading"). More importantly though, users should, when prompted for their user name and password, be asking themselves "what is requesting this information" and remembering that they are giving it privileges to modify their system..."

« Last Edit: May 20, 2011, 12:06:46 by AplusWebMaster »

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...

« Reply #61 on: May 25, 2011, 03:49:16 »
AplusWebMaster

FYI...

Apple advisory on "MacDefender" malware
- http://isc.sans.edu/diary.html?storyid=10918
Last Updated: 2011-05-25 00:05:17 UTC

- http://support.apple.com/kb/HT4650
May 24, 2011 - "... Products Affected:
Mac OS X 10.4, Mac OS X 10.6, Mac OS X 10.5..."

Safari "Force Quit"
- http://support.apple.com/kb/ht3411

« Last Edit: May 25, 2011, 03:51:58 by AplusWebMaster »

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #62 on: May 26, 2011, 02:57:16 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

MacDefender variant changes tactics...
- http://isc.sans.edu/diary.html?storyid=10927
Last Updated: 2011-05-26 08:11:01 UTC - "MacDefender... has upped the ante with a new version according to Intego* that does not need to ask the user's password any longer... it's not using an exploit to avoid asking the right to write in the /Applications directory, it simply installs the software and activates it for the current user only. Since most Macs are using only a single user that changes little for the malware. But it removes the pop-up for your password. Anybody in the admin group can write to the /Applications directory..."
* http://www.intego.com/news/new-mac-defender-variant-macguard.asp
May 25, 2011 - "... effective SEO poisoning has led many Mac users to this type of malware, and no administrator password is required to install this new variant..."


« Reply #63 on: May 31, 2011, 08:46:50 »
AplusWebMaster

FYI...

Fake Firefox SCAM leads to scareware...
- http://nakedsecurity.sophos.com/2011/05/30/fake-firefox-warnings-lead-to-scareware/
May 30, 2011 - "... latest scam? They detect your user-agent string from your web browser and display a fake Firefox security alert if you are using the Mozilla Firefox web browser... Internet Explorer users get the standard "My Computer" dialog that appears to do a system scan inside their browser window... We are likely to continue to see these criminals targeting each operating system, browser and any other details that can be gleaned from HTTP requests sent from our devices. If you click the "Start Protection" button you will download the latest, greatest fake anti-virus program..."
(Screenshots available at the Sophos URL above.)


« Reply #64 on: June 06, 2011, 12:09:35 »
AplusWebMaster

FYI...

FakeRean - turns hard-core ...
- http://sunbeltblog.blogspot.com/2011/06/fakerean-comes-of-age-turns-hard-core.html
June 06, 2011 - "FakeRean was initially discovered by Microsoft* a couple of years ago. Like all rogue AV families, it displays fake scanning results to users in an effort to dupe them into coughing up cash in order to register the software and clean their systems supposedly. This family also alters the infected system's registry quite extensively and drops lots of component and shortcut files, among other things. What sets FakeRean apart from the usual rogues is its ability to hijack a file association for executable (.EXE) files, which allows it to reappear every time an application is run... page is found on SourceForge.net, a prominent repository of open-source software, as a profile page... get a free but malicious software to download and run on your systems once you click -any- of the buttons there. This software is a PDF exploit that, once installed, drops and also installs FakeRean. We detect the exploit as Exploit.PDF-JS.Gen... This SourceForge profile URL, and some 100+ other varying Web page URLs, is contained on imonline(dot)nl(slash)ukabefijac... All URLs are -redirect- via seoholding(dot)com... Be extra careful, if not steer clear altogether, when visiting online profiles hosted on -any- site that -looks- suspicious."
(Screenshots available at the sunbeltblog URL above.)
* http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fFakeRean


« Reply #65 on: June 21, 2011, 03:10:15 »
AplusWebMaster

FYI...

Malware campaign injects Java exploit code
- http://community.websense.com/blogs/securitylabs/archive/2011/06/20/malware-campaign-uses-direct-injection-of-java-exploit-code.aspx
20 Jun 2011 - "... detected a Rogue AV campaign that directly attacks the user's system instead of first redirecting to a dedicated attack server. Attackers usually compromise web pages to drive traffic to web servers hosting exploit kits. In this injection though, we see exploit code directly planted into legitimate pages... attacks an Oracle Java vulnerability (CVE-2010-4452) by exploiting a design flaw in the Java class loader to execute an unsigned Java applet with local user rights. The exploit affects Java Runtime Environment versions 6 Update 23 and earlier. It was addressed by Oracle with Update 24 in February 2011. In internal tests, we could confirm that the malicious applet would load in all popular browsers with built-in Java support like IE, Firefox, and Opera... The payload in this case is the nowadays ubiquitous Rogue Antivirus. In case you haven't already done so, don't forget to update your Java version* as soon as possible."
(Screenshots available at the Websense URL above.)
* http://www.java.com/en/download/index.jsp


« Reply #66 on: June 23, 2011, 03:45:36 »
AplusWebMaster

FYI...

DoJ indictments - scareware distribution...
- http://www.fbi.gov/news/pressrel/press-releases/department-of-justice-disrupts-international-cybercrime-rings-distributing-scareware
June 22, 2011 - "... The first of the international criminal groups disrupted by Operation Trident Tribunal infected hundreds of thousands of computers with scareware and sold more than $72 million of the fake antivirus product over a period of three years. The scareware scheme used a variety of ruses to trick consumers into infecting their computers with the malicious scareware products, including web pages featuring fake computer scans. Once the scareware was downloaded, victims were notified that their computers were infected with a range of malicious software, such as viruses and Trojans and badgered into purchasing the fake antivirus software to resolve the non-existent problem at a cost of up to $129. An estimated 960,000 users were victimized by this scareware scheme, leading to $72 million in actual losses. Latvian authorities also executed seizure warrants for at least five bank accounts that were alleged to have been used to funnel profits to the scam’s leadership. A -second- international crime ring disrupted by Operation Trident Tribunal relied on online advertising to spread its scareware products, a tactic known as “malvertising.” An indictment unsealed today in U.S. District Court in Minneapolis charges the two operators of this scareware scheme with two counts of wire fraud, one count of conspiracy to commit wire fraud and computer fraud... avoid purchasing computer security products that use unsolicited “free computer scans” to sell their products. It is also important for users to protect their computers by maintaining an updated operating system and using legitimate, up-to-date antivirus software, which can detect and remove fraudulent scareware products..."

- http://www.theregister.co.uk/2011/06/23/fbi_scareware_arrests/
23 June 2011 - "... The Feds worked with police in Cyprus, Germany, Latvia, Ukraine, France, Romania, the Mounted Police in Canada and London's Met Police."

- http://www.theinquirer.net/inquirer/news/2081147/fbi-smacks-transatlantic-botnet
23 June 2011
___

Confiscated Servers Take Down Sites Unrelated to Investigation
- https://www.sans.org/newsletters/newsbites/newsbites.php?vol=13&issue=50#sID307
June 22, 2011

- http://krebsonsecurity.com/2011/06/72m-scareware-ring-used-conficker-worm/
June 23, 2011 - "... The New York Times reported* that dozens of Web sites were knocked offline when FBI officials raided a data center in Reston, Va. and seized Web servers. Officials from an affected hosting company told the Times that they didn’t know the reason for the raid, but the story suggested it may have been related to an ongoing investigation into a string of brazen intrusions by the hacktivist group “Lulzsec.” Sources close to the investigation told KrebsOnSecurity that the raid was instead related to the scareware investigation*. The FBI’s statement confirms the SBU’s estimate of $72 million losses, estimating that the scam claimed at least 960,000 victims. Although the FBI made no mention of Conficker in any of its press materials, the Ukrainian SBU’s press release names and quotes Special Agent Norman Sanders from the FBI’s Seattle field office, broadly known in the security industry as the agency’s lead in the Conficker investigation..."
* http://bits.blogs.nytimes.com/2011/06/21/f-b-i-seizes-web-servers-knocking-sites-offline/

« Last Edit: June 27, 2011, 05:33:00 by AplusWebMaster »

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #67 on: July 19, 2011, 22:29:12 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

Google finds a million scareware infections...
- http://krebsonsecurity.com/2011/07/google-your-computer-appears-to-be-infected/
July 19, 2011 - "Google today began warning more than a million Internet users that their computers are infected with a malicious program that hijacks search results and tries to scare users into purchasing fake antivirus software... the malware apparently arrives on victim desktops as fake antivirus or “scareware” programs that use misleading warnings about security threats to trick people into purchasing worthless security software... The malware intercepts traffic destined for high profile domains like google.com, yahoo.com and bing.com, and routes it through intermediate hosts or “proxies” controlled by the attackers. The proxies are used to modify the search results that a victim sees for any given search term, and to redirect traffic to pay-per-click schemes that pay for traffic to specific Web sites. Fortunately, the traffic generated by the malware has a unique “signature” that Google is able to use to alert victims. Google is placing a prominent notification* at the top of victims’ Google search results; it includes links to resources to help remove the infection... the hard work will be in the cleanup: Search hijackers are notorious for blocking users from visiting antivirus Web sites or other popular sources of malware removal tools."
* http://krebsonsecurity.com/wp-content/uploads/2011/07/googhij.png
___

- http://googleonlinesecurity.blogspot.com/2011/07/using-data-to-protect-people-from.html
Updated July 20, 2011

« Last Edit: July 21, 2011, 02:05:19 by AplusWebMaster »

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #68 on: July 25, 2011, 07:50:29 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

Fake video codecs - with scareware
- http://threatpost.com/en_us/blogs/get-your-new-video-codecs-and-scareware-072511
July 25, 2011 - "... Most scareware programs rely on Web-based pop-ups that appear when a victim visits a site that has been compromised. The user sees a dialog box that typically looks a lot like the Windows security center interface informing him that his machine is full of scary sounding malware... The goal, of course, is to get the unwitting victim to click on the dialog box and install whatever rogue AV tool they're pushing and then get him to pony up for the license fee. Now, researchers at GFI Labs* have come across a new breed of rogue AV that takes a less direct route to the victim's wallet. This attack, which is related to the FakeVimes family of scareware that Google recently began warning users about, installs some files on users' machines, but doesn't immediately start demanding payment in return for fictitious security services. Instead, it waits for a victim to try to play a Web video..."
* http://sunbeltblog.blogspot.com/2011/07/fakevimes-infection-offers-up-home.html
"... a sample of some of the files found on the infected machine:
c:\Documents and Settings\All Users\Application Data\7f0924\VD7f0_2326.exe
c:\Documents and Settings\All Users\Application Data\ip\e.exe
c:\Documents and Settings\All Users\Application Data\ip\FRed32.dll
c:\Documents and Settings\All Users\Application Data\ip\instr.ini
c:\Documents and Settings\All Users\Application Data\ip\SmartGeare.exe
c:\Documents and Settings\All Users\Application Data\ip\spoof.avi
c:\WINDOWS\system32\c_726535.nls ..."


« Reply #69 on: January 30, 2012, 04:22:01 »
AplusWebMaster

FYI...

Rogue activity spikes ...
- https://blogs.technet.com/b/mmpc/archive/2012/01/29/when-imitation-isn-t-a-form-of-flattery.aspx?Redirected=true
29 Jan 2012 - "... Lately, we have seen a resurgence in rogue activity (one particularly obnoxious threat going by the name Security Defender – aka Win32/Defmid – has been making the rounds of late); rogue security programs attempt to trick users into paying for -fake- antivirus software... Think twice before handing over your credit card details to a third party you cannot verify – like one displaying pop-ups, or on the end of an unsolicited phone call."
(Screenshots available at the URL above.)


« Reply #70 on: March 02, 2012, 08:03:15 »
AplusWebMaster

FYI...

Rogue rash ...
- https://blogs.technet.com/b/mmpc/archive/2012/03/01/a-rogue-by-any-other-name.aspx?Redirected=true
1 Mar 2012 - "Rogue:Win32/FakePAV reappeared about two weeks ago after a brief hiatus and since then we’ve been seeing variants with new names for themselves just about every day. The latest versions call themselves names like “Windows Threats Destroyer”, “Windows Firewall Constructor”, "Windows Attacks Preventor" and “Windows Basic Antivirus”... Each sample of FakePAV is distributed as a self-extracting RAR archive, which contains a second self-extracting RAR archive. This second, “inner” archive contains the rogue executable itself, but it is password-protected; simply trying to extract it without knowing the password doesn’t work... In the last few days they’ve started obfuscating these scripts, probably to make it harder for anti-malware scanners to detect them. Because RAR self-extractor scripts are stored as part of the archive comment, essentially anything that the self-extractor doesn’t recognize as an instruction is ignored, meaning pretty much any text can be added without changing the functionality... These kinds of tactics are aimed at making it difficult for anti-malware scanners to look inside the malware’s distribution package, and they highlight the need for real-time malware protection. For the malware to work, the malicious executable has to be written to disk at which point real-time protection can not only detect it but stop it from being executed..."
(Screenshots available at the URL above.)

« Last Edit: March 02, 2012, 08:05:15 by AplusWebMaster »

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #71 on: March 05, 2012, 09:51:01 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8212



FYI...

Mass injection wave of WordPress sites - Rogue AV ...
- http://community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx
5 Mar 2012 - "... Websense... has detected a new wave of mass-injections... The majority of targets are Web sites hosted by the WordPress content management system. At the time of writing, more than 200,000 Web pages have been compromised, amounting to close to 30,000 unique Web sites (hosts). The injection hijacks visitors to the compromised sites and redirects them to rogue AV sites that attempt to trick them into downloading and installing a Trojan onto their computer. The injected code is very short and is placed at the bottom of the page, just before the </body> tag... After a three-level -redirection- chain, victims land on a fake AV site. In this example, the first chain is the ".rr.nu", and the landing site is the ".de.lv" top-level domain, but the landing site keeps changing. The rogue AV site appears to perform a scan on the computer and scares the user by displaying fake malware detections of various kinds of Trojans. The page looks like a Windows Explorer window with a "Windows Security Alert" dialogue box in it. The fake scanning process looks like a normal Windows application, however, it is only a pop-up window within the browser. The fake antivirus then prompts visitors to download and run their "antivirus tool" to remove the supposedly found Trojans. The executable is itself the Trojan... more than 85% of the compromised sites are in the United States, while visitors to these web sites are more geographically dispersed*... while the attack is specific to the US, everyone is at risk when visiting these compromised pages..."
* http://community.websense.com/cfs-filesystemfile.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/6082.14507_5F00_CUST_5F00_GeoIP.png

> http://community.websense.com/cfs-filesystemfile.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/8182.FakeAV3.png
___

- http://community.websense.com/blogs/securitylabs/archive/2012/03/13/i-have-the-latest-wordpress-version-am-i-protected.aspx
13 Mar 2012 - "... We checked several aspects of each of these compromised websites and concluded that most of them are served by Apache webserver and PHP environment*...
* http://community.websense.com/cfs-filesystemfile.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/2844.WordPress_5F00_ditribution1s.png
... WordPress still serves the majority of the compromised websites; however, we did see a small amount of other CMS as well. We also noticed that an increasing number of Joomla sites** are also affected, with all other content managers making up a tinier slice...
** http://community.websense.com/cfs-filesystemfile.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/3404.WordPress_5F00_ditribution2s.png
... having the latest version of WordPress does not make you immune to this threat...
> http://community.websense.com/cfs-filesystemfile.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/1263.WordPress_5F00_ditribution3s.png
... some of the dominant attack vectors that websites using the latest WordPress version are likely to be exploited through:
• Weak passwords / stolen credentials
• Vulnerable third-party modules used in WordPress
• Security holes in the underlying server infrastructure, such as in the database server or the server side scripting engine (PHP in this case)..."

« Last Edit: March 14, 2012, 07:04:19 by AplusWebMaster »

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
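A small tail-of-page scanner for the placement the Websense write-up above describes (a short script stub dropped just before </body>, chaining off to a host such as one under .rr.nu). This is an added example, not code from Websense or from this forum; the sample pages, the allowed-host set and the host constructed.rr.nu are all constructed for the demo.

```python
"""Added example (not from the Websense post or this forum): flag a short
script planted just before </body>, the placement used by the WordPress
mass-injection.  Sample pages, hosts and the allow-list are constructed."""
import re
from urllib.parse import urlparse

# Hosts this (constructed) site legitimately loads scripts from.
OWN_HOSTS = {"www.example-blog.test"}

# Fragments typical of short redirect/obfuscation stubs; a heuristic, not a signature.
SUSPICIOUS_INLINE = ("document.write", "unescape(", "fromCharCode", "eval(",
                     "location.replace", "<iframe")

_SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
_SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)


def scan_page_tail(html, allowed_hosts, window=2048):
    """Inspect only the <script> elements in the last `window` characters
    before </body>, where the injection drops its stub.  Returns a list of
    (kind, detail) findings; an empty list means the page tail looks clean."""
    findings = []
    body_end = html.lower().rfind("</body>")
    if body_end == -1:
        body_end = len(html)            # malformed page: treat its end as the tail
    tail = html[max(0, body_end - window):body_end]
    for attrs, body in _SCRIPT_RE.findall(tail):
        src = _SRC_RE.search(attrs)
        if src:
            # Absolute or protocol-relative URL pointing at a host we do not own
            host = (urlparse(src.group(1)).hostname or "").lower()
            if host and host not in allowed_hosts:
                findings.append(("external-src", src.group(1)))
        else:
            hits = [m for m in SUSPICIOUS_INLINE if m in body]
            if hits:
                findings.append(("inline", ",".join(hits)))
    return findings


# Constructed pages: a clean WordPress-style footer, then the same page with the
# two injection styles appended right before </body>.
CLEAN_PAGE = """<html><head><title>Blog</title></head><body>
<p>Hello</p>
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://www.example-blog.test/wp-content/themes/t/theme.js"></script>
</body></html>"""

INJECTED_PAGE = CLEAN_PAGE.replace(
    "</body>", '<script src="http://constructed.rr.nu/js.php"></script></body>')

INLINE_PAGE = CLEAN_PAGE.replace(
    "</body>",
    "<script>document.write(unescape('%3Ciframe src=%22...%22%3E'))</script></body>")

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE),
                       ("inline", INLINE_PAGE)):
        print(name, scan_page_tail(page, OWN_HOSTS))
```

Run it against pages fetched from your own site and compare the tail against a known-good copy; a new external host or an obfuscated stub in that final window is the signal the write-up describes.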
« Reply #72 on: March 15, 2012, 05:00:58 »
AplusWebMaster

FYI...

Rogue AV tweaked every 12 to 24 hours to avoid detection
- http://www.gfi.com/blog/vipre%C2%AE-report-for-february-2012-rogue-av-remains-a-popular-threat-tactic/
Mar 13, 2012 - "... the trend that criminals behind bogus AV software are now distributing via spam that has links to sites where users can be further infected with the Blackhole exploit..."
http://www.gfi.com/page/117487/gfi-labs-tracks-resurgence-of-fake-antivirus-programs-plaguing-businesses-and-consumers
Mar 09, 2012 - "... Rogue AV programs are continually tweaked in an attempt to avoid detection, with newer variants of these malicious applications propagating every 12 to 24 hours... Trojans once again dominated the list, taking -half- of the top 10 spots..."
Top 10 Threat Detections for February
- http://www.gfi.com/content/cmsimages/top10detections-21084.png


« Reply #73 on: March 24, 2012, 13:46:45 »
AplusWebMaster

FYI...

Flash-based Fake AV - drive-by exploits and SPAM
- http://www.symantec.com/connect/blogs/flash-based-fake-antivirus-software-windows-risk-minimizer
23 Mar 2012 - "... relatively new fake antivirus application called Windows Risk Minimizer. The -fake- antivirus software was promoted through spam sent from a popular webmail service. This is slightly unusual as normally fake antivirus infections arrive through drive-by exploits. Spam messages promoting the fake antivirus software contained links to compromised domains, which then -redirected- users to the fake antivirus site. We witnessed over 300 compromised domains being used in just a few hours. When opening the fake antivirus site, the user is greeted with a JavaScript alert message, whereby the fake antivirus (referred to here as "Windows Secure Kit 2012") claims that your machine is infected... The page uses Flash making it look more convincing with realistic icons, progress bars, and dialog boxes. Unsurprisingly, the fake antivirus detects plenty of viruses. Decompressing the Flash file and analyzing it shows a huge list of files contained within it. The Flash movie then simply picks some of these at random and claims they are infected (with equally random virus names). Once the scan is complete, a Windows Security Alert dialog appears with a summary of the scan. This dialog can be moved around the screen and (for reasons unknown) the different infections can be selected and unselected... To avoid getting infected with fake antivirus software, ensure you keep your operating system, Web browser, and antivirus software up-to-date with all security patches..."
(Screenshots available at the URL above.)


« Reply #74 on: April 13, 2012, 05:20:06 »
AplusWebMaster

FYI...

New Fake AV scareware attempts to extort Torrent users
- http://www.theregister.co.uk/2012/04/13/scareware_ransonware_hyrbrid/
13 April 2012 - "Security researchers have discovered a strain of fake anti-virus software that tries to intimidate supposed file-sharers* into paying for worthless software. SFX Fake AV, first detected by freebie antivirus scanner firm Malwarebytes, blends the features of scareware with those more associated with ransomware Trojans. The malware stops any legitimate anti-virus package from running on compromised PCs, something common to other scareware packages. But this particular strain of malware goes further than this by stopping Process Explorer (procexp.exe) and preventing browsers from loading – tactics designed to force marks to complete the ‘input credit card details’ screen and hand over money for the scamware... the malware also performs a fake scan that classifies Windows Registry Editor as a porn tool. Bruce Harrison, VP Research at Malwarebytes, said: "SFX Fake AV is morphing at a relatively fast rate, so it is something that signature-based vendors will have to watch out for as there will be an increasing number of variants in the wild. Also, the use of Dropbox as a delivery mechanism is something that the industry is going to have to take into account and protect against, as it is an emerging trend."
* http://regmedia.co.uk/2012/04/12/torrent_alert_scareware.jpg
