Category: Scareware

Personal Antivirus just scareware

Paul10 Replies

I was going through checking a site brought to my attention from a reader and I went there and yep he told me it might be [intlink id=”3114″ type=”post”]scareware[/intlink] and it was:

mailware-live-pro-scanv1-1

If you click “Cancel” or “Ok” you will still get to this page:

mailware-live-pro-scanv1-2

[ad]It is on the Malicious site : http://maleware-live-pro-scanv1.com.  You can also see it tries to scare you with the tactic of  knowing your IP address and where you are in the world, it’s called Geo-ip Location.   It tries to convince you have a virus, but in reality it is just trying to scam you out of money.   Although if you go to the site you will see that there is no company information.  That is the first clue this is a scam or scareware.

Personal Antivirus gets installed in unsuspecting computers by way of exploits, backdoors, Trojans, or unsafe downloading practices.   This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by.   This software is fake ware, it tries to tell you have a virus and that they can get rid of it.   In fact, this software is not designed with Antivirus engine in it but to illicit pop ups and warning to raise the users security concerns about the computer in question.   Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

*[intlink id=”4403″ type=”post”]Personal Antivirus Scareware Site and How to Remove it[/intlink]*

Threat to System : Moderate

[rating:4/5]

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware. Most of the time if you have one Trojan, you usually have more.  Personal Antivirus has been know to have some type of program installed on the system in question and should be removed.

I recommend :

[ad#SUPERAntiSpyware]

On a side not, if you are wondering why I think I know I am not infected with these virus for those who are probably asking that question is because I already have a [intlink id=”2205″ type=”page”]dependable free anti-virus[/intlink] software installed.  Don’t forget to visit the Forums for other ways to watch for spyware or scareware.   I will always recommend buying antivirus software from vendors you know and not ones that are fly by the night scams.

Spyware : Michelle Obama’s Ta’s Ta’s Video

Paul1 Reply

I love this one, I was reading the Sans Report about Michelle Obama Ta’s Ta’s on Video.  I wanted to investigate this a little further so I went searching around.  I found some comment spam links to a site I will not talk about the links directly.  The site however had a fake video on it :

michelleobamatoplessfake

It looks like if you hit Cancel or Details it keeps trying to tell you need to install an ActiveX Object.   It also makes the user think that there is only one option to use right now.   As you can tell  it makes you think you can’t cancel or get details but I did.  I tried to cancel and it kept on popping up trying to get you to install this active X installer.   AVG detects it as:

michelleobamatoplessfake1

[ad]This proves the fact that any Anti-virus software is better than nothing at all.   I also  have talked in the past about [intlink id=”2991″ type=”post”]fake codecs and how they are used maliciously[/intlink] to spread malware to people who aren’t up to the job.   I didn’t take long to find Phrases such as “Michelle Obama Topless” or “Michelle Obama Topless Video” to find spam comments linking to sites that are hosting these types of malware.  It seemed that in order to get out of the cycle with the Malware site, I had to do a CLT-ALT-DELETE and End the process of Internet Explorer process from Task manager.  It was an infinite loop and could not be closed any other way.  upon trying to go the link again it seems to be a random redirection every time you visit that site the next time I went there, I had a scare message pop up telling me:

michelleobamatoplessfake2

As you can tell this [intlink id=”3397″ type=”post”]pops up with scareware[/intlink] instead of the video and tries to tell you have a virus and you should run a free scan from the site of their choice.   This is an old tactic and still being used but funny if you look at that message one you know it is from a “Webpage” and two there are at least one grammar error?  Can you see it?

You’re best bet is not to go clicking on links that people have left in comments.   I am so glad I have moderation turned on and I have to approve each and every post someone comments on.   This is the only way I know how to prevent from being used in the spam campaign.  Remember it is time to update your [intlink id=”2205″ type=”page”]Anti-virus and Firewall [/intlink]if you don’t already have it.  Don’t forget to visit the Forums and help discuss this problem in detail.

Scareware sites to pop up with Swine flu epidemic

Paul

This was to be expected when it comes to something that most people are worried about:

I’m sure it won’t be long before purveyors of rogue anti-virus products begin using search engine optimization techniques around the term “swine flu” to drive people to sites that try to scare people into buying the worthless software.

[Via Security Fix]

[ad#cricket-right-ez]

I am sure myself that this will undoubtedly start showing up in SEO routines.  This will most likely be like the Pifts.exe [intlink id=”3114″ type=”post”]scareware that popped up after the scare[/intlink].

This is just a matter of time before  someone tries to either sale you something or trick you into watching a video that supposed to be helpful.  The Video will most likely try telling you need to [intlink id=”2991″ type=”post”]install a fake codec or update Flash[/intlink].

Your best advice is if you get to a site that wants you to install something just to hit the back button or close down your browser.   Never install software from a site you just game to without doing a little research.

I would also assume that there would be [intlink id=”2970″ type=”post”]scareware sites that will pop up in search engines[/intlink] to scare you into buying fake anti-virus software, claiming you have a virus.  You can bet in no time flat that there will be some kinda of search term that will want to scare the user into buying something that really isn’t.   I would always recommend the [intlink id=”2205″ type=”page”]free versions of Anti-virus[/intlink], if you can’t afford the paid.  This way you are safer then if you didn’t have any anti-virus.   I’d Also recommend a [intlink id=”2205″ type=”page”]Free Firewalls[/intlink] also to help protect your computer from contacting any malicious site without your knowledge.

Be on the lookout for sites that do this, you can also discuss sites you have seen that have done this in my Forums this way you can help other users out and prevent people from being scammed.

Conficker Gets a new Look : Spyware Protector 2009

Paul3 Replies

Looks like the Conficker Worm has changed directions according to Viruslist:

One of the files is a rogue antivirus app, which we detect as FraudTool.Win32.SpywareProtect2009.s. The first version of Kido, detected back in November 2008, also downloaded fake antivirus to the infected machine. And once again, six months later, we’ve got unknown cybercriminals using the same trick.

The rogue software, SpywareProtect2009, can be found on spy-protect-2009.com., spywrprotect-2009.com, spywareprotector-2009.com.

[See Pictures of website at Viruslist.com]

[ad#cricket-right-ez]From my understanding of this worm, it seems to be trying to [intlink id=”3114″ type=”post”]scareware tactic[/intlink] trying to get you to pay $49.95 to remove these threats. F-secure has also seen this worm and thinks this is doing what the Waldec virus is doing by becoming a spambot. According to Eset, the botnet is larger than most and this could create a problem in the future.  It seems that it used the p2p to distribute this update so they could bypass the domain blocks that were in place.

I will tell you this, if you get the warnings you are infected by all means go to my [intlink id=”2205″ type=”page”]Malware resource page[/intlink] and do a scan from the trusted sources.   I will update as I get more information on this little development.

Fake Scareware Sites Popup after the Pifts.EXE Conspiracy

Paul

There Seems to Be a Fake site that are popping up today right after what happened with PIFTS.EXE. I just happen to Google it to see what people are talking about and this appears on the front page.

Not a real site!!

As you can see this leads to a server in Poland and once you go to it you see:

Not a real virus scanner

I will be reporting this to Phishtank. This is scareware which means  there is no real VIRUS because and you
Should never believe the screens when you see something like this. According to Wikipedia:

[ad#ad2-right]Some websites display pop-up advertisement windows or banners with text such as: “Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click ‘Yes’ below.” These websites go as far as saying that a user’s job, career, or marriage would be at risk. Products using advertisements such as these are often considered scareware. serious scareware applications qualify as Rogue software.
[Via Wikipedia]

So if you are worried you have a virus or think you have a virus I would advise you to download one of the free Many anti-virus software and firewall. This is nothing new with the companies who are doing this but don’t buy anything because people are trying to scare you into thinking you have a virus. That rarely is a valid software and you should use the ones that you trust. If you find a site like that please report them to Phishtank and other sites that way we can protect everyone who goes there.