Posts tagged as:

Rogue

Press Release December 11, 2009.

The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. The messages may contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft. The messages contain scareware, fake or rogue anti-virus software that looks authentic.

The message may display what appears to be a real-time, anti-virus scan of your hard drive. The scareware will show a list of reputable software icons; however, you can’t click a link to go to the real site to review or see recommendations. Cyber criminals use botnets—collections of compromised computers—to push the software, and advertisements on websites deliver it. This is known as malicious advertising or “malvertising.”

Once the pop-up warning appears, it can’t be easily closed by clicking the “close” or “X” buttons. If you click the pop-up to purchase the software, a form to collect payment information for the bogus product launches. In some instances, the scareware can install malicious code onto your computer, whether you click the warning or not. This is more likely to happen if your computer has an account that has rights to install software.

Downloading the software could result in viruses, malicious software called Trojans, and/or keyloggers—hardware that records passwords and sensitive data—being installed on your computer. Malicious software can cause costly damages for individual users and financial institutions. The FBI estimates scareware has cost victims more than $150 million.

Cyber criminals use easy-to-remember names and associate them with known applications. Beware of pop-up warnings that are a variation of recognized security software. You should research the exact name of the software being offered. Take precautions to ensure operating systems are updated and security software is current. If you receive these anti-virus pop-ups, close the browser or shut down your computer system. You should run a full anti-virus scan whenever the computer is turned back on.

If you have experienced the anti-virus pop-ups or a similar scam, notify the Internet Crime Complaint Center (IC3) by filing a complaint at www.ic3.gov.

Pop-Up Security Warnings Pose Threats

http://certifiedbug.com/blog/category/scareware-rogues/


MSRT November Threat Reports

by certifiedbug on November 24, 2009

in Microsoft

Microsoft Malware Protection Center

  • Out of these prevalent threat families worldwide, 8 are password stealers collecting online game credentials, online banking passwords or other user identities of users’ online accounts.
  • 8 of them are fake security products or trojan downloaders for rogues. The MSRT now covers the following most high profile rogues:
      o Win32/FakeVimes
      o Win32/PrivacyCenter
      o Win32/FakeScanti
      o Win32/FakeSecsen
      o Win32/FakeXPA
      o Win32/Yektel
      o Win32/Winwebsec
      o Win32/InternetAntivirus
      o Win32/FakeSpypro
      o Win32/FakeRean

  • 5 are trojan downloaders or droppers, a threat category which is often an infection vector to deliver drive-by malware to the victims’ computers.
  • Win32/Koobface is still on top 25 though it has dropped out of top 10. Online Social Network sites such as Facebook continue to boost their security hardening to protect their customers and we welcome their actions.
  • Win32/Zlob had dropped out of the list in recent months after being extremely prevalent for almost three years. We observed that the Zlob authors appeared to move to somewhere else in our Oct 2008 blog and Jan 2009 blog.

The TaterF worm, an online game password stealer, took the lead so far this month being removed by MSRT from 239,870 machines.

Certifiedbug November 3, 2009.
Microsoft Security Intelligence Report volume 7
According to the SIR report the number of machines infected with TaterF has increased to 4.9 million in the first half of this year. That’s up from 2 million machines in the second half of last year.


FTC Shuts Down Rogue Internet Service Provider, Pricewert LLC

June 4, 2009

Press release
A rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic content has been shut down by a district court judge at the request of the Federal Trade Commission. The ISP’s upstream providers and data centers have disconnected its servers from the [...]


advancedprotectionscanner.com et al-rogues deployed

March 22, 2009

The Russian Business Network affiliate involved has established a front company, autonomous system AS48669 NTCOLO-AS NTCOLO, and has been allocated 510 unique IP addresses. AS48669 consists of 105 malware domains, 19 domain name servers, 8 mail servers and 3 fraudulent payment processors.
List of current IPs Secure Home Networks


Drop for Rogue ‘Internet Antivirus Pro’ Gotscan, user4scan

March 16, 2009

Redirect from gotscan.com to user4scan.com. <– Do not go to either.

Received typical scareware warnings, rogue was not detected by my antivirus program. The installer repeatedly failed, popping up the same windows and freezing the browser.
Domain Name: USER4SCAN.COM
IP Location: Germany – Berlin – Berlin – Netdirekt E.k
Registration Service Provided By: SELLOUT.NAME
Creation Date: 12-Mar-2009
Expiration [...]


New Rogue XpyBurner

February 9, 2009

Scareware Spyburner becomes XpyBurner.

From EULA.
C. Some of our products may be unsuited to run with other software. We have the right to uninstall incompatible products. We will notify our customers before uninstalling such products. A customer cannot claim a refund if the reason is a requisition or removal of conflicting software.
Coexistence of some products may [...]


New Rogue-Total Defender

January 26, 2009

An interesting thing we noticed is that the Rogue did not attempt to scare us into purchasing it, rather telling us that the computer was secure after the scan. The Rogue authors are probably doing this to keep a high amount of Rogue installations active for the purposes of data theft or for hire [...]


2009sites3.biz-AntiVirus 2009 Rogue Infector

January 13, 2009

Continually blog spammed by 2009sites3.biz, I googled for hits.

Bestantivirusdefence.com
ICANN Registrar: BIZCN.COM, INC.
Created: 2009-01-03
Expires: 2010-01-03
Updated: 2009-01-10
Name Server: NS1.EUROPEGIGABYTE.COM
Name Server: NS2.EUROPEGIGABYTE.COM
Name Server: NS3.EUROPEGIGABYTE.COM
IP Address: 75.126.175.232
Domain Status: Registered And No Website

Clicking ‘Cancel’ or trying to close by hitting the X won’t stop it.

Of course that Microsoft Security Warning has nothing to do with Microsoft, it is [...]


powerfulvirusremover2008 Rogue Security Program

November 27, 2008

Also named virusremover2008.

From the EULA.

Lack of viruses? You mean aside from what they install or the fake scan results.
As to “uninstalling products”, the mind boggles. Legitimate security programs that detect this rogue?

32 infections on a clean machine, uh huh…
“Virusremover2008 may have detected programs that may compromise your privacy or damage your computer”. [...]


Rogue Security Program email scam

October 23, 2008

Victims report a rogue named ‘Spybot 2009’ received in the form of email spam posing as an application upgrade. The scam is playing off the trademark name of the well-known antispyware program, Spybot-S&D.
Be warned you may also see websites offering the fake, rogue program Spybot 2009.
Screenshots of the rogue at a blog containing [...]
