Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Scare Tactics

The shadow Internet economy is worth over $105 billion. Online crime is bigger than the global drugs trade. No country, no person, no business and no government is immune from CyberCrime.

Currently there is an epidemic of fake anti-malware software on the Internet– which is collectively called “rogue anti-malware”. Marketed under hundreds of different names, such as VirusRemover 2008 and Antivirus XP 2009, this type of rogue software scares people by giving false alarms, and then tries to deceive them into paying for removal of non-existing malware.

This video (produced by the good folks at WOT) shows what happens when a legitimate site gets infected and redirected to one of these bogus anti-malware scams.
Yes, folks, legitimate websites are being ‘hacked’.

The people behind this scourge use many different ways to try to entice you to click– realistic looking pop-up windows appear, offers of “free trials” arrive in e-mail, and “free scan” buttons on legit-looking ‘fight malware’ websites.. the means are quite varied!

As this video shows, the user is tricked into (scared into, really) providing their credit card #  to clean infections that weren’t there before they clicked and aren’t really there now.
* The ‘false positives’ are not “cleaned” BUT, more adware and spyware is installed.
* A good percentage of my calls at Aplus Computer Aid are folks needing help with getting rid of these rogues. These clever programs use the latest techniques to combat removal, and it can be quite tough — if not impossible — to truly remove them.. without formatting your hard-drive.
* For more, please read Is that anti-spyware program really spyware?
* One Website dedicated to combating this epidemic is Spyware Warrior. It has a pretty good list of known rogues, and much more detailed information. Another excellent resource is .
* I have written several How-To’s on protecting yourself from malware, and how to clean your machines as well. to see those titles.

From the new MessageLabs whitepaper. (This eye-opening report provides a disturbing look into the ‘dark’ world of cyber-crime. This link is the online version.. you need to scroll a bit..)

Today’s free download: WOT is a free Internet security addon for your browser. It will help keep you safe(r) from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky Website. It’s easy and it’s free.

  • Ratings for over 20 million websites
  • Downloaded 1 million times
  • The WOT browser addon is light and updates automatically
  • WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.
  • Settings can be customized to better protect your family
  • WOT Security Scorecard shows rating details and user comments

Copyright 2007-8 © Tech Paul. All rights reserved.

October 27, 2008 Posted by | advice, anti-spyware, antivirus, computers, cyber crime, hackers, how to, Internet, Internet scam, News, PC, Phishing, phraud, security, software, tech | 12 Comments

Some not so friendly advice*

This story opens gently enough. It begins with a friendly and helpful Comment posted on a friendly and helpful blog.

Someone had written to share “the results of their work”, which he said “solved his security problems.” He was talking about viruses and spyware, and other malware, and he said his method “covers 99.8%! of all known threats.”
He posted his advice/Comment on an article about How To prevent the dangers posed by spyware (and also warns about “rogue” anti-spyware programs). He signed himself “Spycrasher”.

So far, this all sounds pretty good, doesn’t it? 99.8% effective certainly sounds good.

As you have probably deduced, Dear Reader, the “friendly and helpful blog” in question was this one. Tech–for Everyone, like most blogs, provides readers the opportunity to respond, ask a question, or just “put in their two cents”, simply by clicking on “Comments” at the bottom of the article. And also like most blogs, I have the ability to “moderate” which comments get posted and which don’t– for instance, Comments containing offensive language will not be published.
Spycrasher’s 99.8%- effective security solution will NOT be seen here.

But.. maybe you’re a little curious as to what it was. And.. maybe, why I deleted it. (Take another peek at today’s title..) “Spycrasher’s” comment said to use three particular anti-spyware programs– in tandem– and he provided download links. (This, alone, triggers red flags.) He mentioned two tools I was not familiar with, and one rather well-known program.

* Hyperlinks are always suspicious (and blocked as a matter of policy), and the first thing I checked was, did the links point to legitimate websites..? Or would clicking on them take you to a poisoned webpage (which could infect your machine) or a pharming site.
No problem there. The links he provided did indeed point to real websites.

* The next thing was to check out the unknown programs themselves. No self-respecting and legitimate tech writer will advocate something they have not used, and tested, themselves. Period.
In my initial research of the first program (XoftSpy-SE), I found a wide range of reviews and comments.. from “this is rogue” to “this is the best thing since sliced bread”, and I learned that the program was “for pay”.
I don’t promote “for pay” software here (but do provide a daily free download), nor even potentially rogue apps; and so I stopped right there. I would not allow Spycrasher’s Comment.

* Being the gentleman that I am, I decided to write Spycrasher and thank him for his submission, and explain why I had moderated it. But before I did, I wanted to get a feel for where he was coming from.. so I ran a Whois on his IP…
ARIN

Now, I gotta tell you.. it is very rare for ARIN to come back with a “no match found”. Very, very strange.

So I traced him.
tracert
New York >London >Amsterdam >Berlin >Warsaw…
And then he disappears into a virtual private network somewhere in the Ukraine.
Odd.

* So I used a search engine to find instances of the word “Spycrasher”… and he came up a lot. Spycrasher likes to post in various forums. Quite a few of them, actually. Like, practically all of them.
And he posts a lot of Comments there.
* Guess what? They are all identical to the one he posted (I should say “pasted”) on mine.. right down to the ‘wink’ smiley ;-).

Very.. odd.

Tip of the day: Be very leery of hyperlinks, folks.. and please understand: not every innocent looking thing you see on the Internet is in fact “friendly and helpful”. There are people whose full-time job it is to try to trick you, and seduce you into doing something you normally wouldn’t.
I am very sad to say.

[note to bloggers/forum moderators/webmasters: you may want to search your published pages for instances of “Spycrasher”, and delete this guy.]
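
The red flags described in this post (several download links in one comment, a known spammer name, the same text pasted in many places) can be checked automatically before a comment is published. The sketch below is an added example, not code from this blog; the comment record fields, the `max_links` threshold and the sample comments are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def fingerprint(body):
    """Hash the text with links, case, punctuation and spacing normalised, so a
    pasted pitch still matches when only its links or smileys were changed."""
    text = URL_RE.sub(" url ", body.lower())
    text = re.sub(r"[^a-z0-9 ]+", " ", text)
    return hashlib.sha256(" ".join(text.split()).encode()).hexdigest()


def review_queue(comments, watchlist=("spycrasher",), max_links=1):
    """Return {comment id: [reasons]} for comments to hold for a human look."""
    pages_by_print = defaultdict(set)
    for c in comments:
        pages_by_print[fingerprint(c["body"])].add(c["page"])
    flagged = {}
    for c in comments:
        reasons = []
        links = URL_RE.findall(c["body"])
        if len(links) > max_links:
            reasons.append(f"{len(links)} links in one comment")
        if c["author"].strip().lower() in watchlist:
            reasons.append("author name on watchlist")
        pages = pages_by_print[fingerprint(c["body"])]
        if len(pages) > 1:
            reasons.append(f"same text pasted on {len(pages)} pages")
        if reasons:
            flagged[c["id"]] = reasons
    return flagged


# Constructed sample comments (not real data); .example hosts are placeholders.
SAMPLE = [
    {"id": 1, "page": "/spyware-howto", "author": "Spycrasher",
     "body": "This solved my security problems, covers 99.8%! of all known "
             "threats ;-) http://a.example/dl http://b.example/dl http://c.example/dl"},
    {"id": 2, "page": "/rogue-list", "author": " SPYCRASHER",
     "body": "This SOLVED my security problems,  covers 99.8%! of all known "
             "threats ;-)  http://x.example/get http://y.example/get http://z.example/get"},
    {"id": 3, "page": "/spyware-howto", "author": "Dana",
     "body": "Thanks, the scanner from http://vendor.example/ cleaned it up."},
]

if __name__ == "__main__":
    for cid, reasons in review_queue(SAMPLE).items():
        print(cid, "; ".join(reasons))
```

Setting `max_links=0` matches a policy of holding every comment that contains a hyperlink.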

Today’s free link: I am going to repost a program here today, because I have it on every single one of my (Windows) machines, and I think you should too. ThreatFire (originally named “CyberHawk”) is a free, behavior-based anti-malware application. I use it as a supplement to my antivirus and other anti-spyware tools. Heuristic tools like ThreatFire are your only defense against “zero day” exploits.


July 2, 2008 Posted by | advice, computers, tech | 2 Comments

Every good story needs a villain


April 20, 2008 Posted by | advice, anti-spyware, blogging, computers, Internet scam, PC, Phishing, phraud, security, spam and junk mail, tech, Uncategorized, Windows | 2 Comments

Is that anti-spyware program really spyware?

Over the 200+ articles I have written, I have tried to help educate people about the dangers we face in this era of ‘always-on’ Internet connections — such as hackers, cyber-criminals, phishing, and malware — and offered advice on how to get protected.
Yesterday, and continuing on into today, I have been assisting a client in trying to rid their machine of malware (trojans, worms, etc.) infection and to do so short of wiping their drive and starting over. Folks, you do not want to let this stuff onto your machine. Part of this person’s problem was they were tricked into installing a rogue anti-spyware program.. which in fact infected their machine. So I have decided that I will re-post my article on such applications, in case you missed it the first time. Originally titled “25 years since the first virus”, it appeared 9/12/07–

Time marches on.. twenty five years ago a High School freshman wrote the first “true” virus, and distributed it to his friends (via floppy disk) as a practical joke. That the “Elk Cloner” virus was harmless, and the young man went on to become a heavyweight in the computing industry, allows us to bear him no ill will. If it hadn’t been him, it would’ve been someone else; there were “experimental” viruses written before his.

Those of you who have been around for a while may remember the evolution of viruses: from a harmless prank to system destroyers to profit-centric spyware. Security experts generally agree that the important historical malware events are as follows: Elk Cloner, 1982; Brain, 1986; Morris, 1988; Melissa, 1999; Love Bug, 2000 (aka ILOVEYOU); Code Red, 2001; Blaster, 2003; and Sasser, 2004. (For a much more complete history of viruses, worms, and trojans, click here.) (Today, we have the Storm worm in the news.)

Today, the business of keeping data and communications safe from viruses and other malware is a $38 billion industry.. and growing. Yes, a lot has changed in twenty five years: I have gray in my hair now, for one.

Tip of the day: Beware of “rogue” anti-spyware programs. There is so much money to be made off of stealing corporate data, identities, and sending spam that the malware writers have created spyware that claims to prevent spyware. You think you’re installing a spyware remover, but you’re not. You are actually installing their malware.
Some claim to give you an anti-spyware scan for free, and they “discover” a critical infection (again bogus) which, if you buy the “Professional” version, they’ll clean up for you. Please, Dear Reader, never fall for this. The quality anti-spyware programs are well-known and are routinely rated and compared by reputable sources like PC World and PC Magazine and C/Net.
[Note: there is an excellent list of known rogue anti-spyware apps posted on Spyware Warrior.]

One such program, named Spy Shredder, is currently sending a few people my way for assistance. There is plenty about this nasty on the Internet. Most reputable anti-spyware utilities will detect and remove this item (see today’s free link as well). The people infected with it (who contacted me) had no protections except an antivirus, and it was kind of hard to feel sorry for them. There is no excuse, in this day and age, to not be running Internet Security programs. Full Internet Security Suites are easy to find that are free after rebate, after all.

For those of you looking here to find out how to remove Spy Shredder, I suggest you click on the word “anti-spyware” in my Tag Cloud, download and run the anti-spyware programs I have suggested in the “Today’s free links” area (always at the bottom of Tech-for Everyone articles), as well as today’s — do not try the manual removal methods found at other websites unless you’re a skilled and experienced Registry editor.

[Update 4/5/08: Bill Mullins has just posted a wonderful article on rogue anti-spyware programs which includes a list of known villains, and a tool useful for removing them (prevention is better, but..). http://billmullins.wordpress.com/2008/04/05/don%e2%80%99t-download-antispywaremaster-%e2%80%93-rogue-security-software/. I also recommend looking at his How Fake/Rogue Software Affects Real People]

Today’s free link: SpyCatcher Express from Tenebril. From website:

  • Allows novice PC users to remove aggressive spyware
  • Stops next-generation, mutating spyware
  • Blocks reinstallation of aggressive spyware
  • Removes spyware safely and automatically  

February 6, 2008 Posted by | advice, anti-spyware, computers, how to, PC, rootkits, security, tech, Windows | 7 Comments