Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

New Rogue Uses Fake PC Magazine Review

Yesterday, the good folks at BleepingComputer posted removal instructions for a rogue antivirus (please see, Internet Plague – Rogue Antivirus) that is demonstrating a new behavior…

Quote: “Anti-virus-1 is a new rogue anti-spyware program from the same family as Antivirus 2010 and Antivirus 360. This program is promoted primarily through two methods. The first is through the use of advertisements that pretend to be online anti-malware scanners. These advertisements go through what appears to be a scan of your machine and then when finished, state that your computer is infected and that you should download Anti-virus-1 to protect yourself.

Remember, though, that this is just an advertisement and it has no way of knowing what is running on your computer. The second method that is used to promote this rogue is through the use of Trojans. When certain Trojans are installed on your computer they will display security alerts stating that your computer is infected or that you have some other security risk. When you click on these alerts, it will download and install Anti-virus-1 onto your computer…”

But that is not the new part. The new behavior adds entries to your HOSTS file so that if you go to any of a number of technology sites, including pcmag.com, you are instead brought to the malware author’s site and shown the malware author’s content. This content includes a doctored PCMag review of their fake anti-malware product.

For more on the story, click here.
And for removal instructions, click here.

A big tip of my geek hat to BleepingComputer.

Copyright 2007-9 © Tech Paul. All rights reserved.

February 19, 2009 - Posted by | advice, anti-spyware, antivirus, computers, cyber crime, Internet scam, News, phraud, security, tech

6 Comments »

  1. This shows, once again, why folks need to LOCK their hosts file. There are lots of applications which make it easy to do this, including WinPatrol and Spybot Search & Destroy (both free).

    BM

    Comment by Bill Mullins | February 19, 2009 | Reply

    • An excellent point. I thank you sir. Most anti-spyware programs have some form of “browser guard”, so the malware is hoping the victim is unprotected, or it has – as a first step – disabled the antivirus/anti-spyware it has found onboard.

      Since I use a fairly modern version of Windows (NTFS file system), I just navigate to it and right-click > select Properties > and place a check in the “read only” box.
      (The Windows Search tool will help you locate the HOSTS file.)

      Comment by techpaul | February 19, 2009 | Reply

  2. Yes, an excellent suggestion. Windows is a very capable system.

    Now the challenge is, to convince users to do as you have recommended.

    BM

    Comment by Bill Mullins | February 19, 2009 | Reply

    • Well you and I are both trying – by presenting the information in a friendly way – on a daily basis. (Your website has been seen by not quite a million people now. I congratulate you sir!) As are many other writers.

      But just the other day I looked up “how many people use the Internet”, and most sources say over 1.5 billion (today, only to grow). And most experts agree that 80-90% of all those people are “computer illiterate”.
      And the PC has been around for almost 30 years. As have advice writers.

      It is my opinion that the average person simply hasn’t the time, the interest, nor the inclination to listen to “geek”, much less try to decipher it, and even less to try to implement it. Some solution has to be found that takes the responsibility for a secure computer, connecting to a safe Internet, out of the user’s hands. Time has proven that only 10% or so will even try to “lock down” something on their machine. (Fear stops a lot who otherwise might be willing… I imagine.)

      Comment by techpaul | February 19, 2009 | Reply

  3. I agree, not many people will listen to “geek”, as you so rightly point out.

    On the other hand, you write in a manner that presents “geek” information in an “ungeek” way.

    Your readers are extremely lucky that you make such a great effort to help them deal with the intricacies of their computers.

    Keep slogging – your faithful readers depend on you.

    BM

    Comment by Bill Mullins | February 19, 2009 | Reply

    • Thank you. If we didn’t believe that educating users wasn’t an essential element of any solution … I guess we’d be blogging about our other activities and hobbies.
      (Yes folks, I do have other interests.)

      Comment by techpaul | February 19, 2009 | Reply

