Courtesy of Panda Security: This week’s PandaLabs report looks at a worm, a Trojan and a new fake antivirus.
Further on in this article, you’ll find instructions for removing Ghost Antivirus.
TwittWorm.A is a worm that uses Twitter and Messenger in order to spread, sending a malicious message to all contacts of the infected user.
These messages appeal to the curiosity of users, with subjects such as “I just got a piercing and you’ll never guess where! Take a look at the photo. 😉 ” or “You’re going to be mad at me for sending you this photo, but you NEED to see it :3”.
The worm edits the registry so the system cannot be restored or started in safe mode. It also makes a series of changes to the host file to prevent users from accessing certain Web pages, particularly those related to antivirus companies.
Another feature is; it prevents the running of certain programs for viewing active processes, or monitoring network traffic. Twittworm.A also spreads through USB devices, creating an autorun.inf to automatically infect computers on connection. To protect these types of devices, Panda Security has launched Panda USB Vaccine, which can be downloaded free.
Sinowal.WTF is a keylogger Trojan, designed to capture keystrokes with an aim to stealing passwords and other information from infected systems. This Trojan reaches computers through an email claiming to have been sent from MySpace.
The message warns victims about a change to the user’s password and contains a .zip file attachment which supposedly contains the new password. The attached file, once extracted, has an Excel icon, but is really malware. When run, the system is infected and the icon disappears.
Ghost Antivirus is a new strain of fake antivirus. As with other malware of this kind, it tries to fool users by displaying false infections, remote connections and vulnerabilities that do not exist.
If users fall for the trap, they are directed to a screen where their credit card details are requested to carry out the transaction.
This way, as well as obtaining money for a service that will never be provided,
cyber-crooks steal users’ credit card details.
The computer security software industry has formed an organization called the Common Computing Security Standards Forum, to combat the rise of Rogue Anti-Virus. Among other things, it publishes a list of legitimate Computer Security Software Companies.
The following free resources, can provide tools and the advice you will need to attempt removal of Ghost Antivirus .
411 Spyware – a site that specializes in malware removal. I highly recommend this site.
Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.
Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.
SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.
What you can do to reduce the chances of infecting your system with rogue, or malicious, software.
Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.
Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.
Do not click on unsolicited invitations to download software of any kind.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.