New Rogue Uses Fake PC Magazine Review
Yesterday, the good folks at BleepingComputer posted removal instructions for a rogue antivirus (please see Internet Plague – Rogue Antivirus) that is demonstrating a new behavior…
Quote: “Anti-virus-1 is a new rogue anti-spyware program from the same family as Antivirus 2010 and Antivirus 360. This program is promoted primarily through two methods. The first is through the use of advertisements that pretend to be online anti-malware scanners. These advertisements go through what appears to be a scan of your machine and then when finished, state that your computer is infected and that you should download Anti-virus-1 to protect yourself.
Remember, though, that this is just an advertisement and it has no way of knowing what is running on your computer. The second method that is used to promote this rogue is through the use of Trojans. When certain Trojans are installed on your computer they will display security alerts stating that your computer is infected or that you have some other security risk. When you click on these alerts, it will download and install Anti-virus-1 onto your computer…”
But that is not the new part. The new behavior is that the rogue adds entries to your HOSTS file, so that if you go to any of a number of technology sites, including pcmag.com, you are instead brought to the malware author’s site and shown the malware author’s content. This content includes a doctored PCMag review of their fake anti-malware product.
For more on the story, click here.
And for removal instructions, click here.
A big tip of my geek hat to BleepingComputer.
Copyright 2007-9 © Tech Paul. All rights reserved.
Is that anti-spyware program really spyware?
Over the 200+ articles I have written, I have tried to help educate people about the dangers we face in this era of ‘always-on’ Internet connections — such as hackers, cyber-criminals, phishing, and malware — and offered advice on how to get protected.
Yesterday, and continuing on into today, I have been assisting a client in trying to rid their machine of a malware (trojans, worms, etc.) infection, and to do so short of wiping their drive and starting over. Folks, you do not want to let this stuff onto your machine. Part of this person’s problem was they were tricked into installing a rogue anti-spyware program, which in fact infected their machine. So I have decided that I will re-post my article on such applications, in case you missed it the first time. Originally titled “25 years since the first virus”, it appeared 9/12/07–
Time marches on. Twenty-five years ago a high school freshman wrote the first “true” virus, and distributed it to his friends (via floppy disk) as a practical joke. That the “Elk Cloner” virus was harmless, and the young man went on to become a heavyweight in the computing industry, allows us to bear him no ill will. If it hadn’t been him, it would’ve been someone else; there were “experimental” viruses written before his.
Those of you who have been around for a while may remember the evolution of viruses: from a harmless prank to system destroyers to profit-centric spyware. Security experts generally agree that the important historical malware events are as follows: Elk Cloner, 1982; Brain, 1986; Morris, 1988; Melissa, 1999; Love Bug, 2000 (aka ILOVEYOU); Code Red, 2001; Blaster, 2003; and Sasser, 2004. (For a much more complete history of viruses, worms, and trojans, click here.) (Today, we have the Storm worm in the news.)
Today, the business of keeping data and communications safe from viruses and other malware is a $38 billion industry, and growing. Yes, a lot has changed in twenty-five years: I have gray in my hair now, for one.
Tip of the day: Beware of “rogue” anti-spyware programs. There is so much money to be made off of stealing corporate data, identities, and sending spam that the malware writers have created spyware that claims to prevent spyware. You think you’re installing a spyware remover, but you’re not. You are actually installing their malware.
Some claim to give you an anti-spyware scan for free, and they “discover” a critical infection (again bogus) which, if you buy the “Professional” version, they’ll clean up for you. Please, Dear Reader, never fall for this. The quality anti-spyware programs are well-known and are routinely rated and compared by reputable sources like PC World and PC Magazine and C/Net.
[Note: there is an excellent list of known rogue anti-spyware apps posted on Spyware Warrior.]
One such program, named Spy Shredder, is currently sending a few people my way for assistance. There is plenty about this nasty on the Internet. Most reputable anti-spyware utilities will detect and remove this item (see today’s free link as well). The people infected with it (who contacted me) had no protections except an antivirus, and it was kind of hard to feel sorry for them. There is no excuse, in this day and age, to not be running Internet Security programs. Full Internet Security Suites are easy to find that are free after rebate, after all.
For those of you looking here to find out how to remove Spy Shredder, I suggest you click on the word “anti-spyware” in my Tag Cloud, download and run the anti-spyware programs I have suggested in the “Today’s free links” area (always at the bottom of Tech-for Everyone articles), as well as today’s — do not try the manual removal methods found at other websites unless you’re a skilled and experienced Registry editor.
[Update 4/5/08: Bill Mullins has just posted a wonderful article on rogue anti-spyware programs which includes a list of known villains, and a tool useful for removing them (prevention is better, but..). http://billmullins.wordpress.com/2008/04/05/don%e2%80%99t-download-antispywaremaster-%e2%80%93-rogue-security-software/. I also recommend looking at his How Fake/Rogue Software Affects Real People]
Today’s free link: SpyCatcher Express from Tenebril. From website:
Copyright 2007 © Tech Paul, All Rights Reserved