Tag Archives: fake antivirus

Ghost Antivirus, TwittWorm.A, Sinowal.WTF – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at a worm, a Trojan and a new fake antivirus.

Further on in this article, you’ll find instructions for removing Ghost Antivirus.

TwittWorm.A:

TwittWorm.A is a worm that uses Twitter and Messenger in order to spread, sending a malicious message to all contacts of the infected user.

These messages appeal to the curiosity of users, with subjects such as “I just got a piercing and you’ll never guess where! Take a look at the photo. 😉  ” or “You’re going to be mad at me for sending you this photo, but you NEED to see it :3”.

The worm edits the registry so the system cannot be restored or started in safe mode. It also makes a series of changes to the hosts file to prevent users from accessing certain Web pages, particularly those related to antivirus companies.

It also prevents certain programs for viewing active processes or monitoring network traffic from running. TwittWorm.A also spreads through USB devices, creating an autorun.inf file to automatically infect computers on connection. To protect these types of devices, Panda Security has launched Panda USB Vaccine, which can be downloaded free.
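Two of the changes described above can be checked for directly: hosts-file entries that cut off security sites, and an autorun.inf on a removable drive. The following Python is an added example, not Panda Security's or this blog's code; the watch-list of domains, the sample hosts file and the sample autorun.inf are constructed for illustration.

```python
import ipaddress

# Assumption: a small watch-list of security vendor / help-site domains.
# Extend it with the vendors you actually rely on.
WATCHED_SUFFIXES = ("pandasecurity.com", "malwarebytes.org", "bleepingcomputer.com")

# Constructed sample of a tampered hosts file (not taken from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.pandasecurity.com   # constructed tampered entry
0.0.0.0         malwarebytes.org www.malwarebytes.org
203.0.113.7     update.example.net
::1             localhost
not-an-ip       www.bleepingcomputer.com
"""

# Constructed sample autorun.inf; the target path is a placeholder.
SAMPLE_AUTORUN = """\
; constructed sample
[AutoRun]
open=files\\viewer.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open\\command=files\\viewer.exe
"""


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, hostname, ip, kind) for watched domains pinned in a hosts file.

    A clean hosts file has no reason to mention a security vendor at all, so
    every hit deserves a look: 'blackholed' means loopback or 0.0.0.0,
    'redirected' means the name was pointed at some other address.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed line, the resolver ignores it too
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == s or host.endswith("." + s) for s in watched):
                kind = "blackholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
                findings.append((lineno, host, str(ip), kind))
    return findings


def autorun_targets(text):
    """Return (key, command) pairs that an autorun.inf would launch.

    The parser is deliberately tolerant: such files often contain junk
    lines, so anything that is not key=value inside [autorun] is skipped.
    """
    targets = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                targets.append((key, value))
    return targets


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("hosts:", finding)
    for target in autorun_targets(SAMPLE_AUTORUN):
        print("autorun:", target)
```

On a live system, pass in the contents of `%SystemRoot%\System32\drivers\etc\hosts` and of any `autorun.inf` found at the root of a removable drive.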

Sinowal.WTF:

Sinowal.WTF is a keylogger Trojan, designed to capture keystrokes with an aim to stealing passwords and other information from infected systems. This Trojan reaches computers through an email claiming to have been sent from MySpace.

The message warns victims about a change to the user’s password and contains a .zip file attachment which supposedly contains the new password. The attached file, once extracted, has an Excel icon, but is really malware. When run, the system is infected and the icon disappears.

Ghost Antivirus:

Ghost Antivirus is a new strain of fake antivirus. As with other malware of this kind, it tries to fool users by displaying false infections, remote connections and vulnerabilities that do not exist.

If users fall for the trap, they are directed to a screen where their credit card details are requested to carry out the transaction.

This way, as well as obtaining money for a service that will never be provided, cyber-crooks steal users’ credit card details.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

The computer security software industry has formed an organization called the Common Computing Security Standards Forum, to combat the rise of Rogue Anti-Virus. Among other things, it publishes a list of legitimate Computer Security Software Companies.

The following free resources can provide tools and the advice you will need to attempt removal of Ghost Antivirus.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Live Pc Care, Desktop Defender 2010, APcDefender Fake Antiviruses – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at three fake antiviruses: Live PC Care, Desktop Defender 2010 and APcDefender.

Live PC Care:

As usual with these malicious codes, first it carries out a fake scan of the infected user’s computer, and then claims the system is infected. It asks the user to purchase a license (of a fake antivirus), at a very attractive price to resolve this issue.

If users purchase it, they will have paid for fraudulent software. This fake antivirus stands out because of the way it spreads, as it uses Black Hat SEO techniques, exploiting the launch of Google’s Nexus One phone, and the Haiti earthquake. Thanks to these techniques, it manages to include malicious malware-downloading links in search engines’ top results.

Desktop Defender 2010:

Desktop Defender 2010 also makes users believe their computers are infected, and prompts users to purchase the product.

APcDefender:

Finally, APcDefender uses the same techniques. It is a fake antivirus program that falsely informs users they have dangerous software on their computer.

It tries to fool users by offering them its own anti-malware solution to solve the problems it claims to have detected, and invites them to purchase the software using their credit cards. This way, in addition to stealing users’ money, it also obtains their credit card details.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

The computer security software industry has formed an organization called the Common Computing Security Standards Forum, to combat the rise of Rogue Anti-Virus. Among other things, it publishes a list of legitimate Computer Security Software Companies.

The following free resources can provide tools and the advice you will need to attempt removal of these parasites.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

PC Live Guard and GreatDefender – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at two fake antiviruses: PC Live Guard, and GreatDefender.

This type of malware passes itself off as legitimate software applications in order to steal users’ money, by tricking them into believing that they will eliminate threats on their computers.

PC Live Guard’s icon resembles a legitimate antivirus icon. When run, a typical screen is displayed, asking users if they want to scan their PCs.

Regardless of whether users accept or not, it will indicate that their computer is infected.

If users do not scan their PC with the fake antivirus, infection warnings are still displayed to scare them into purchasing the product.

GreatDefender is a fake antivirus that warns users of potentially dangerous software on the computer, supposedly because it is not correctly protected. It tries to get users to pay with their credit cards in order to install the solution.

The objective of the antivirus is to collect personal and bank details provided by users on purchasing it. As this type of malware cannot reproduce itself, it requires user interaction to infect the PC. To do so, it uses its own websites on which it is advertised as one of the best anti-spyware solutions in the market.

When users access the website, they are given the option to download the antivirus, but when they try, the trial version is unavailable and they are redirected to the pay version.

The installation process is similar to that of any antivirus, allowing users to select the language and location of the files. Once the installation ends, the fake antivirus carries out a full system scan.

It then falsely assures users that their computers are free from any infections. To make users believe they are protected, an icon is displayed on the Windows desktop, the quick launch bar and the Windows start menu, to make it look as authentic as possible.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

GreatDefender and PC Live Guard removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Safety Antispyware and Internet Security 2010 – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at two new fake antiviruses and a Trojan.

Safety Antispyware and Internet Security 2010 are malicious programs that try to pass themselves off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate threats that actually do not exist.

Safety Antispyware: Safety Antispyware tricks users by warning them their computers are infected by (non-existent) threats, prompting them to buy a program to remove them.

This program can be downloaded from the vendor’s site. The link can also reach users through spam messages, fraudulent Web pages, etc. The fake antivirus shows an icon similar to that of real antivirus programs. Once installed, the program interface opens and runs a full system scan looking for malware.

Then, it shows a series of messages prompting the targeted user to buy the product. If the user decides to follow the program instructions to get rid of the ‘threats’, they will be asked to enter an activation code and be redirected to a website to buy the product.

Internet Security 2010: Once run, Internet Security 2010 scans the computer for malware. However, this is a fake scan that always reports that the computer is infected. Then, it offers users the possibility of disinfecting the computer.

As the fake antivirus version is supposedly a trial version, users are first requested to buy the antivirus license. To this end, the malware opens the user’s Internet browser on the fake antivirus purchase page.

To reassure users that the purchase is safe and the antivirus is legitimate, it shows certificates of authenticity and claims to have been tested by McAfee. It even offers the antivirus license for a long time, apparently at a good price.

If the user decides not to purchase the antivirus, it will keep running and displaying warnings about the threats the user is exposed to if they remain infected and do not update the antivirus. These warnings are displayed in two ways: through warnings on the toolbar or on-screen pop-up messages.

For more information about this type of malware read “The Business of Rogueware“, a report on fake antivirus programs written by Luis Corrons and Sean-Paul Correll, PandaLabs researchers.

Banker.MAI: Banker.MAI is banker malware aimed at stealing banking data, credentials and/or credit card details when users try to log in to their online banking services.

This malware goes memory resident and does not show any symptoms that warn of its presence on the affected computer. The malware works in the background, waiting to be run, and send or receive data.

Banker.MAI arrives as a self-extracting RAR file attached to an email message, usually with the subject “Comprovante Deposito-29092009”. This email message appears to come from a legitimate banking institution, and asks the user to open the attached file to enter some necessary data. If the user opens the file they will become infected. The malware creator is notified via email whenever a computer is successfully infected.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Safety Antispyware and Internet Security 2010 removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

AntiTroy Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at a new fake antivirus and two Trojans.

Removal help for the AntiTroy fake antivirus follows later in this article.

AntiTroy is a new fake antivirus. This type of malware passes itself off as legitimate security applications in order to steal users’ money, by tricking them into believing that they will eliminate threats – that in reality do not exist.

As soon as AntiTroy is installed, a warning is displayed, indicating the computer is in danger. It then simulates a system scan reporting a series of infections to scare users into buying the fake antivirus solution.

When the scan ends, AntiTroy displays a window offering a solution which requires activating the fake antivirus. However, to activate the product, users must pay a fee to the supposed anti-malware vendor.

After this, users receive a code they must enter in the program. Once they do this, the malicious code stops displaying warnings about threats. This aims to make users believe they have actually bought an antivirus product, whereas in reality no infection has been removed and users are no more protected than they were before.

Apart from paying for a non-existing solution, the bank details entered could be stolen by cyber-crooks.

Banbra.GMH is a banker Trojan. It is usually inserted in an email that claims to contain photos of a party.

On downloading the supposed photo, a file called “convite.zip” is downloaded, which contains an executable with the same name.

When run, it simulates an error claiming the program to view the photo must be closed, and it then stops running. Before doing so however, it releases another executable and a DLL.

This second executable will be started in each user session and will register the DLL as an Internet Explorer plug-in, creating two files from which it collects bank details entered by the user in the browser, to be sent to cyber-crooks later on.
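Both Banbra.GMH here and Sinowal.WTF in the earlier report on this page arrive as a .zip whose content is an executable posing as a photo or a spreadsheet. The following Python is an added example, not PandaLabs' or this blog's code, showing how a mail filter or an analyst can inspect such an archive without extracting it; the extension lists, the file name `new_password.xls.exe` and the stub file contents are constructed for illustration.

```python
import io
import zipfile

# Assumption: extensions treated as directly runnable on Windows, and
# extensions a user would expect to be harmless documents or pictures.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
DOC_EXTS = (".xls", ".doc", ".pdf", ".jpg", ".txt")


def inspect_zip(data):
    """Return [(member_name, [reasons])] for suspicious members of a zip.

    Only the first two bytes of each member are read; nothing is written
    to disk and nothing is executed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be checked here.
                findings.append((name, ["encrypted member, content not inspected"]))
                continue
            with zf.open(info) as fh:
                head = fh.read(2)
            reasons = []
            is_mz = head == b"MZ"            # DOS/PE executable signature
            if is_mz:
                reasons.append("PE/MZ header")
            if lower.endswith(EXEC_EXTS):
                reasons.append("executable extension")
                stem = lower.rsplit(".", 1)[0]
                if stem.endswith(DOC_EXTS):
                    reasons.append("double extension")
            elif is_mz:
                reasons.append("content does not match extension")
            if reasons:
                findings.append((name, reasons))
    return findings


def build_sample(members):
    """Build an in-memory zip from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed stand-in for an executable: an MZ signature plus padding.
MZ_STUB = b"MZ" + b"\x00" * 62

# Constructed samples modelled on the two reports (not real attachments).
SAMPLE_PARTY = build_sample({"convite.exe": MZ_STUB, "readme.txt": b"hello"})
SAMPLE_PASSWORD = build_sample({"new_password.xls.exe": MZ_STUB})

if __name__ == "__main__":
    for label, sample in (("party", SAMPLE_PARTY), ("password", SAMPLE_PASSWORD)):
        for name, reasons in inspect_zip(sample):
            print(label, name, "->", ", ".join(reasons))
```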

Finally, Kates.D is a Trojan that modifies the Windows settings. It blocks access to websites, redirecting users to another site and monitors network traffic. Additionally, it searches for and ends processes related to antiviruses and computer security programs.

Kates.D is difficult to recognize, as it does not display any messages, or warnings, that indicate it has infected the computer.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

AntiTroy Removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Straight From PandaLabs – Malware to Watch for in 2010

Button up your overcoat and get your rain gear ready; it’s going to get stormy! PandaLabs has released its forecast of computer threat trends for 2010.

Cybercriminals are increasingly more knowledgeable, quicker to respond to opportunities, and more relentless than ever in their attempts to separate surfers from their money.

Being aware of Internet threats is critical to your security on the Internet, so that you can protect yourself and stay ahead of the curve. Knowledge truly is a critical necessity to ensure your personal safety on the Internet.

The following PandaLabs forecast can help you get ready for the malware threats expected in 2010.

Courtesy of Panda – PandaLabs Forecast: 2010 Computer Threat Trends

  • Fake antivirus, bots and banker Trojans will continue to increase
  • Cyber-criminals will keep fine-tuning their social engineering skills to trick victims
  • More malware will be created for Windows 7 and Mac operating systems
  • The term ‘cyber war’ will become more familiar as politically-motivated attacks across the Internet increase

PandaLabs, Panda Security’s malware analysis and detection laboratory, has released its forecast of computer threat trends for 2010. PandaLabs predicts that in 2010, the amount of malware in circulation will continue to grow exponentially as it has in 2009.

As anti-malware technologies are able to respond closer to real-time through cloud-based innovations such as Panda’s Collective Intelligence, malware creators will respond by generating even more diverse threats to evade detection and elimination.

Once again malware will be designed almost exclusively for financial gain, and we can expect to see many new fake antivirus (rogueware), bots and banker Trojans.

Social Engineering Continues to Rise
Cyber-criminals will again be focusing on social engineering techniques to infect computers, particularly those targeting search engines (BlackHat SEO) and social networks, along with ‘drive-by-download’ infections from Web pages.

As the football World Cup takes place in South Africa, we can also expect to see significant amounts of malware related to this event: false ticket offers, junk mail, etc. It is always a good idea to be suspicious of any messages related to current affairs and large events such as this.

In the case of social networks, there have already been many examples of worms and Trojans targeting Twitter and Facebook. Malware creators will continue to be drawn to these types of platforms that are used by millions of people.

Watch Out Windows 7
Windows 7 will have a major impact on malware development: where Windows Vista hardly caused a ripple, Windows 7 will make waves. One of the main reasons is the widespread market acceptance of this new operating system, and since practically every new computer comes loaded with Windows 7 64-bit, criminals will be busy adapting malware to the new environment. It may take time, but we expect to see a major shift towards this platform over the next two years.

Mobile Phone Attacks – Not Yet!
Several security companies have been warning for some time that malware is soon to affect cell phones in much the same way as it affects PCs. Well, we hate to rain on their parade, but 2010 will not be the year of malware for cell phones.

The PC is a homogenous platform, with 90 percent of the world’s computers running Windows on Intel, meaning that any new Trojan, or worm has a potential victim pool of 90 percent of the world’s computers. The mobile phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems.

Applications continue to be incompatible from one operating system to another. Therefore it is unlikely that 2010 will see widespread targeting of cell phones by malware. In any event, this year will witness many changes in the world of mobile telephony with more smartphones offering practically the same features as a PC; the emergence of Google Phone – the first phone sold directly by Google without tying users to specific operators; the increasing popularity of Android, and of course the iPhone. If in the next couple of years there are only two or three popular platforms, and if people make significantly more financial transactions from their phones, then the potential breeding ground for cyber-crime will be significant enough to be concerned.

Mac Becoming Increasingly Attractive to Cyber-Criminals
Mac’s market share has increased in recent years. Although the number of users has yet to reach the critical mass required to make it as profitable as PCs for cyber-criminals, it is nevertheless becoming more attractive.

Mac is used just as PCs are to access social networks, email, and the Internet: the main malware distribution systems used by cyber-criminals. Consequently, Mac is no longer a safe haven against malware.

These criminals can easily distinguish whether a system is Mac, and they are creating malware designed especially to target this OS. In 2009 we have already seen some attacks, and predict there are more to come in 2010.

Cyber war
Throughout 2009, governments around the world, including the United States, the UK and Spain, have expressed concern about the potential for cyber-attacks to affect economies or critical infrastructure. We also saw this year how several Web pages in the United States and South Korea were the subject of attacks, with suspicion (as yet unproven) pointing at North Korea. In 2010 we can expect to see similar politically-motivated attacks.

Securing the Cloud
Cloud-based services will continue to grow in popularity among consumers and business users alike. As this happens, the security industry must be acutely aware of cybercriminals’ moves to take advantage of this new platform.

Cloud Antivirus Technology on the Rise
2010 will be the year in which all anti-malware companies will innovate to remain competitive as cloud-based security becomes the most effective way to fight today’s malware.

In 2007, Panda Security launched its first product which took advantage of the cloud. Now in 2009, all the company’s products use it and we have launched the first 100 percent cloud-based free antivirus: Panda Cloud Antivirus (www.cloudantivirus.com), and Panda has noticed that the rest of the marketplace is beginning to follow suit.

Ransom.K, Bifrost.GEN and Safety Center Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at two Trojans and a new fake antivirus.

Bifrost.GEN is a backdoor-type Trojan whose objective is to go resident, concealing its presence and displaying no visible symptoms. The malware inserts its code into Internet Explorer and runs it in the background, leaving an open connection to await instructions from the attacker to access the infected computer.

The second Trojan we are looking at today is Ransom.K. It reaches computers with an icon that resembles an application Help file and encrypts the code of the .TXT, .DOC, .XLS and .JPG files detected on the computer, using a file it downloads called CryptLogFile.txt. Additionally, it replaces the desktop wallpaper with a message asking users to pay for the credentials for decrypting the code.

This type of extortion is known as “ransomware”. The solution to this problem is simple, and involves deleting the CryptLogFile.txt file from C:\Windows and re-running the Trojan. When it can’t find the file with the list of documents, it will automatically return the files it encrypted to their original status.

Finally, Safety Center is a new fake antivirus. It is presented as an unregistered multi-tool product.

It asks users to purchase the license by registering online in order to use or update all the tools. On reaching computers it carries out a fake hard-disk scan, displaying false infections to trick users. If victims fall for the trap and pay, they will not only be paying for a fraudulent product, but will also have their bank details exposed.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Safety Center Removal:

If you have become infected by Safety Center, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer-related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.


SafeFighter Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security.

PandaLabs’ report this week focuses on two Trojans, and a new fake antivirus.

SafeFighter is a new fake antivirus.

Like other malware of this kind, it tries to fool users by displaying false infections, remote connections and vulnerabilities that do not exist. If users fall for the trap, they are directed to a screen where their credit card details are requested to carry out the transaction. This way, as well as obtaining money for a service that will never be provided, cyber-crooks steal users’ credit card details.

Removal help for this nasty is further on in this article.

Spammer.ANT is a Trojan that passes itself off as a Microsoft program.

Once run, it copies itself to the system and loads itself to memory under the name reader_s.exe. It then carries out remote connections and spams users, trying to get them to believe the messages received are from an online store.

It has a compressed file attachment with an executable called open.exe. When opened, AntivirusPro2010 is installed on the computer (a fake security solution we have discussed in the past).

The other Trojan in this report is Sinowal.WOE.

It reaches computers through email, and passes itself off as a Microsoft Word document. Once installed, it collects as much information as it can from the infected user.

Additionally, when the user opens the browser, the Trojan connects to a server where Sinowal.WOE stores the victim’s information, and downloads the AntivirusPro2010 fake security solution.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

SafeFighter and AntivirusPro 2010 Removal:

If you have become infected by AntivirusPro 2010, SafeFighter, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

SUPERAntiSpyware is a free download that can be used to remove AntiVirusPro 2010.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer-related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.


AntivirusPro 2010 – PandaLabs Takes a Look

Courtesy of Panda Security.

PandaLabs’ report this week focuses on two banker Trojans and a fake antivirus.

This week, Panda Security takes a look at AntivirusPro 2010. Once the user is infected with this malware, a warning appears informing the user that the computer is infected.

Soon after, a false scan is run.

The scan results claim that the PC is full of malware, and frequent pop-ups are displayed. This fake antivirus tries to get users to register and pay for what it claims is an ‘antivirus service’.

Since this antivirus is a fake antivirus, users end up paying for a product that does not exist, as well as revealing their bank details to cyber-crooks.

Removal help for this nasty is further on in this article.

Trj/Nabload.DNU is a banker Trojan designed to download several Trojans that steal the bank details entered by users on their systems. When the file is run, an image is displayed on the screen, so users do not see the malware being downloaded.

While a video related to the image is displayed on the screen, the Trojan attempts to download the other banker malware from a URL.

The banker Trojan Trj/SilentBanker.D modifies users’ bank transfer details, so that cyber-crooks receive the transfer instead of the intended recipient.

When run, it deletes itself, and it appears that there have been no modifications to the system. It does not display messages or infection warnings on the computer. Once the computer is infected, it connects to several Windows APIs and uses them to fulfill its designed purpose.

While the Trojan intercepts bank transfers and modifies the details, users are shown a false Web page that resembles the original, with the details they have entered. On confirming the operation, users are unwittingly sending the money to the cyber-crook’s account.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

AntivirusPro 2010 Removal:

If you have become infected by AntivirusPro 2010, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

SUPERAntiSpyware is a free download that can be used to remove AntiVirusPro 2010.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer-related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.


5 Million New Threats in Three Months – PandaLabs’ Quarterly Report

Courtesy of Panda Security.

PandaLabs’ Quarterly Report – Record-breaking quarter for hackers.

PandaLabs has released its quarterly report detailing cyber-threat activity from July to September. The full report can be downloaded from Panda.

The major story this quarter is that hackers have broken all records when it comes to creating new threats: Over the last three months, PandaLabs has recorded five million new strains of malware. Most of these were banker Trojans, although adware and spyware have also increased.

“We are currently receiving some 50,000 new examples of malware every day; this compares to 37,000 just a few months ago. There is no reason to believe that the situation will improve in the coming months,” explains Luis Corrons, Technical Director of PandaLabs.

In terms of the number of computers infected, there has been a 15% rise compared to the previous quarter. In more than 37% of cases, the culprits were Trojans, while adware was responsible for 18.68% of all infections. This category in particular has been expanding largely due to the major proliferation of fake antivirus programs, or rogueware.

This report also notes the trends analyzed over the last quarter. PandaLabs has detected a major growth in the distribution of malware through spam, social networks and search engine optimization techniques, which draw users to spoof Web pages from which malware is downloaded.

These methods for propagating malware often use social engineering, exploiting a range of current issues such as swine flu, Independence Day, forest fires or speeches of Barack Obama.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.
