Windows Police Pro – PandaLabs Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at a worm, a program for creating Trojans, and a new fake antivirus.

Windows Police Pro is a new example of rogueware.

As is typical of these fake antivirus programs, it tries to convince users that their systems are infected, being hacked, or contain vulnerabilities. Users who fall for the ruse are taken to a screen in which they are asked to enter their credit card details. This way, in addition to paying for a disinfection they will never receive, they have also handed over confidential information to cyber-crooks.

Removal help for this nasty is further on in this article.

Vobfus.A is a worm that spreads through USB drives and shared folders. The first action it takes when run is to make a series of copies of itself in several directories and connect to certain Japanese Web pages, from which it downloads files related to adware.

When a USB device is connected, the worm creates a series of shortcuts through which the infected file – which is hidden – is run. It also creates an autorun file on the USB drive in order to spread. One interesting thing about this malicious code is that it makes certain modifications to the registry, installing language packs that allow the operating system to recognize characters in Chinese and Japanese.

Thanks to this, the worm can redirect the Internet browser to pages in Chinese, interpreting them and downloading files. It also creates a key in the registry to ensure it is run every time the system is started up.
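To check a USB drive for the two artifacts described above (an autorun file and shortcuts in the drive root), the following is an added example, not code from PandaLabs or from the original article. It parses `autorun.inf` for the entries that launch a program and lists shortcut files for manual review; the function names and the sample file contents are constructed for illustration.

```python
import os
import re
import sys

# autorun.inf keys that make Windows launch a program from the drive
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def autorun_launch_entries(text):
    """Return (key, command) pairs in the [autorun] section that launch a program."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("["):                  # section header
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                entries.append((key.lower(), value))
    return entries

def audit_drive_root(root):
    """Report autorun launch entries and .lnk shortcuts in a mounted drive's root."""
    findings = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            continue
        if name.lower() == "autorun.inf":
            with open(path, "r", errors="replace") as fh:
                for key, cmd in autorun_launch_entries(fh.read()):
                    findings.append(("autorun", key, cmd))
        elif name.lower().endswith(".lnk"):       # shortcuts need a manual look
            findings.append(("shortcut", name, ""))
    return findings

# Constructed sample contents, not taken from a real Vobfus.A specimen
SAMPLE = """[AutoRun]
icon=folder.ico
open=example.exe
shell\\open\\command=example.exe
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    print(audit_drive_root(sys.argv[1]) if len(sys.argv) > 1 else autorun_launch_entries(SAMPLE))
```

Run it with the drive's root path as the only argument. A shortcut in the listing is not proof of infection; it only tells you which files to inspect before opening anything on the drive.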

KeyLogger.FT is a program for building keylogger Trojans.

These programs capture keystrokes and then send the information to an email account, with details about where the information has been entered. The Trojan builder lets users include features such as automatic activation on system restarts, or uninstallation on a certain date. It also includes the option to disable the Task Manager on the infected PC, or close it as soon as it is opened.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Windows Police Pro Removal:

If you have become infected by WinPolicePro, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software:

Be careful when downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.
