Tag Archives: Rogue Software

Scareware Video Codecs – Another Money Maker For The Bad Guys

Scareware and Rogue applications (essentially one and the same), once installed, are usually in the victim’s face with an immediate demand for money. “Pay me now – not later” is a common theme encountered by those unlucky enough to be trapped.

The ever creative malware clan though, which seems to be always tinkering with delivery methods, has just released a combo threat in an effort to enhance what is already a mature and lucrative business model.

This time around, the bad guys have combined the ever popular missing codec scam (see – Video Codecs – Gateways to Malware Infection – March 2010), with the more usual “Hey, you’re infected” scareware shakedown.

Initially, the unlucky victim gets the usual blunt, and very convincing warning – much like the one below.

(Screen shot – courtesy of GFI.)

You’ll notice that, unlike the usual “click here to buy” or similar come-on, the potential victim is simply instructed to “Remove all” Trojans. Sounds pretty upfront, don’t you think? OK, maybe not to you as an experienced user, but what about your friends/relatives who aren’t as aware as you are? The sad reality is – the victims continue to pile up.

Unfortunately, clicking on “Remove all”, will install a series of malware infected files. The (innocent?) victim will not notice that he’s just been bamboozled – not yet. The victim won’t get the “but wait, there’s more” message, until the time comes to play a Web video.

(Screen shot – courtesy of GFI.)

And then – booom. Time to pay – as shown in the following screen shot.

(Screen shot – courtesy of GFI.)

Worth repeating:

If you are attempting to view a site’s video content, and you get a popup advising you that you need to download a new codec to enable viewing – DON’T.

Common sense should tell you, if a website does not recognize a standard codec, there is something wrong. Ask yourself this question; how long would a website stay in business if a visitor is required to download a specific codec to view content? The answer is clearly – not very long.

There is an epidemic of rogue software on the Internet, with much of it being delivered by the constantly evolving Zlob.Trojan, or the Zlob.Video Access Trojan, which are often hidden in fake, and malicious, codec downloads.
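A download-triage heuristic for the fake-codec prompt described above, as an added example that is not part of the original article. The word lists, extension lists and host names are assumptions chosen for illustration (the lure words echo the names the article mentions), and the sample records are constructed.

```python
import re
from pathlib import PureWindowsPath

# Assumed lists for this example; tune them for your own environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi"}
MEDIA_EXTS = {".avi", ".mpg", ".mpeg", ".wmv", ".mp4", ".flv", ".mov"}
# Words from names the article mentions: "codec", "Video Access", "MediaAccess".
LURE_WORDS = ("codec", "videoaccess", "mediaaccess")
# Sites the user visited on purpose to fetch a codec pack (assumed host names).
CHOSEN_SOURCES = {"download.com", "codecguide.com"}


def shown_when_extensions_hidden(filename: str) -> str:
    """Name as Windows Explorer displays it while known extensions are hidden."""
    return PureWindowsPath(filename).stem


def triage(source_host: str, filename: str) -> list:
    """Return reason codes for one download; an empty list means not flagged."""
    path = PureWindowsPath(filename.strip().rstrip(". "))
    suffixes = [s.lower() for s in path.suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return []  # not directly runnable, so outside this heuristic

    reasons = []
    # "clip.avi.exe" is displayed as "clip.avi" when extensions are hidden.
    if len(suffixes) >= 2 and suffixes[-2] in MEDIA_EXTS:
        reasons.append("double-extension")

    # An executable "codec" pushed by a site the user did not choose as a
    # software source is the pattern the article warns about.
    host = source_host.lower().removeprefix("www.")
    squeezed = re.sub(r"[^a-z0-9]", "", path.stem.lower())
    if host not in CHOSEN_SOURCES and any(w in squeezed for w in LURE_WORDS):
        reasons.append("codec-lure")
    return reasons


# Constructed sample records (host, file name); not from any real incident.
SAMPLE_DOWNLOADS = [
    ("video-site.example", "VideoAccessCodec.exe"),
    ("clips.example", "holiday_clip.avi.exe"),
    ("tube.example", "codec_update.wmv.scr"),
    ("www.codecguide.com", "K-Lite_Codec_Pack_Basic.exe"),
    ("clips.example", "trailer.wmv"),
]


def report(records):
    """Map each file name to its reason codes."""
    return {name: triage(host, name) for host, name in records}


if __name__ == "__main__":
    for name, reasons in report(SAMPLE_DOWNLOADS).items():
        verdict = ", ".join(reasons) if reasons else "ok"
        print(f"{name:32} shown as {shown_when_extensions_hidden(name):24} {verdict}")
```

A flagged name is a reason to stop and look, not proof of infection; the double-extension check is also why un-hiding filename extensions in Windows is worth doing.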

Some good advice from popular guest writer Mark Schneider – “My general rule of thumb for video is: If VLC won’t play it don’t bother.”

So that you can avoid the “missing codec scam”, and to ensure that you have a full set of codecs on your computer, consider downloading one of the following free codec packs. With a full set of codecs installed on your computer, any request to download a site-specific codec should be viewed with suspicion.

Windows Essentials Codec Pack – Windows Essentials Media Codec Pack provides a set of software codecs for viewing and listening to many forms of media in Windows Media Player. While this program merely enhances a media player, it does a fine job of accommodating many different and unusual types of videos and music.

Download at: Download.com

The K-Lite Codec Pack – There are several different variants of the K-Lite Codec Pack, ranging from a very small bundle that contains only the most essential decoders, to a larger and more comprehensive bundle.

Download at: Codec Guide.com

Media Player Codec Pack – The Media Player Codec Pack is a simple to install package of codecs/filters/splitters used for playing back music and movie files. After installation, you will be able to play 99.9% of files through your media player, along with XCD’s, VCD’s, SVCD’s and DVD’s.

Download at: Download.com


To Watch This Video You Need To Install A Codec – DON’T DO IT!

If you are attempting to view a site’s video content, and you get a popup advising you that you need to download a new codec to enable viewing – DON’T.

A favorite method used by cyber criminals to drop malware on unsuspecting users’ computers, is the requirement that you must first download a “missing” codec, to enable viewing.

If you’re curious, or you’re not convinced that this is a potentially dangerous scenario – go ahead and click. But, before you do, make sure you have:

A current backup CD/DVD, or other media, containing your irreplaceable files – you’re probably going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if you’re lucky), drivers that were written specifically for your peripherals.

You can save yourself all this trouble, and heartache, just by one simple action or, more properly, by a single inaction. Don’t click!

It’s possible of course, that you may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature database recognizes the intruder as malware.

But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

Consider this: Currently there is an epidemic of so called “rogue software”, on the Internet, with much of it being delivered by the constantly evolving Zlob.Trojan, or the Zlob.Video Access Trojan, which are often hidden in fake, and malicious, codec downloads.

As the following screen captures illustrate, there is a wide variance in these invitations to install a missing, or “required” codec.

(Screen captures of fake codec install prompts.)

Common sense should tell you, if a website does not recognize a standard codec, there is something wrong. Ask yourself this question; how long would a website stay in business if a visitor is required to download a specific codec to view content? The answer is clearly – not very long.

Don’t be the type of person who clicks indiscriminately at every opportunity to do so. If you do, I guarantee you – your computer will be infected within minutes.

To ensure that you have a full set of codecs on your computer, consider downloading one of the following free codec packs. With a full set of codecs installed on your computer, any request to download a site-specific codec should be viewed with suspicion.

Windows Essentials Codec Pack – Windows Essentials Media Codec Pack provides a set of software codecs for viewing and listening to many forms of media in Windows Media Player. While this program merely enhances a media player, it does a fine job of accommodating many different and unusual types of videos and music.

Download at: Download.com

The K-Lite Codec Pack – There are several different variants of the K-Lite Codec Pack, ranging from a very small bundle that contains only the most essential decoders, to a larger and more comprehensive bundle.

Download at: Codec Guide.com

Media Player Codec Pack – The Media Player Codec Pack is a simple to install package of codecs/filters/splitters used for playing back music and movie files. After installation, you will be able to play 99.9% of files through your media player, along with XCD’s, VCD’s, SVCD’s and DVD’s.

Download at: Download.com


Video Codecs – Gateways to Malware Infection

If you are attempting to view a site’s video content, and you get a popup advising you that you need to download a new codec to enable viewing – DON’T.

A favorite method used by cyber-criminals to drop malware on unsuspecting users’ computers, is the requirement that you must first download a “missing” codec, to enable viewing.

If you’re curious, or you’re not convinced that this is a potentially dangerous scenario – go ahead and click. But, before you do, make sure you have:

A current backup CD/DVD, or other media, containing your irreplaceable files – you’re probably going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if you’re lucky), drivers that were written specifically for your peripherals.

You can save yourself all this trouble, and heartache, just by one simple action or, more properly, by a single inaction. Don’t click!

It’s possible of course, that you may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature database recognizes the intruder as malware.

But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

Consider this: Currently there is an epidemic of so called “rogue software”, on the Internet, with much of it being delivered by the constantly evolving Zlob.Trojan, or the Zlob.Video Access Trojan, which are often hidden in fake, and malicious, codec downloads.

As the following screen captures illustrate, there is a wide variance in these invitations to install a missing, or “required” codec.

(Screen captures of fake codec install prompts.)

Common sense should tell you, if a website does not recognize a standard codec, there is something wrong. Ask yourself this question; how long would a website stay in business if a visitor is required to download a specific codec to view content? The answer is clearly – not very long.

Don’t be the type of person who clicks indiscriminately at every opportunity to do so. If you do, I guarantee you – your computer will be infected within minutes.

To ensure that you have a full set of codecs on your computer, consider downloading one of the following free codec packs. With a full set of codecs installed on your computer, any request to download a site-specific codec should be viewed with suspicion.

Windows Essentials Codec Pack – Windows Essentials Media Codec Pack provides a set of software codecs for viewing and listening to many forms of media in Windows Media Player. While this program merely enhances a media player, it does a fine job of accommodating many different and unusual types of videos and music.

Download at: Download.com

The K-Lite Codec Pack – There are several different variants of the K-Lite Codec Pack, ranging from a very small bundle that contains only the most essential decoders, to a larger and more comprehensive bundle.

Download at: Codec Guide.com

Media Player Codec Pack – The Media Player Codec Pack is a simple to install package of codecs/filters/splitters used for playing back music and movie files. After installation, you will be able to play 99.9% of files through your media player, along with XCD’s, VCD’s, SVCD’s and DVD’s.

Download at: Download.com


Patrick Swayze’s Death – An Opportunity For Hackers

Dirty Dancing star Patrick Swayze, as most people are now aware, passed away several days ago, and it hasn’t taken long for cyber crooks to use this to advantage. Cybercriminals have jumped on this information, and are already exploiting this sad event.

Searching for news of Swayze’s death has multiple risks attached, including the risk of landing on an infected web site, which can lead to the downloading of “scareware” – fake security software.

Scareware is now recognized, by security experts, as the single most profitable money maker for cybercriminals, with thousands of users falling victim to scareware scams every day.

Cybercriminals are experts at exploiting our natural curiosity surrounding current events, and by focusing on this aspect of social engineering, they are increasingly creating opportunities designed to drop malicious code, including rootkits, password stealers, Trojan horses, spam bots, and of course scareware, on our computers.

If an event is newsworthy, or it’s titillating in any way, you can be sure cybercriminals are exploiting it for their own advantage. A case in point: Serena Williams’ disgraceful behavior at the US Open is currently being used by cybercriminals to trap victims into downloading rogueware.

I highly recommend that you watch the following YouTube video (courtesy of Sophos), which illustrates just how easy it is for the bad guys to trap unprepared computer users into downloading rogue software.

(Embedded video – courtesy of Sophos.)

Save yourself from being victimized by scareware, or other malware, and review the following actions you can take to protect your Internet connected computer system:

  • When surfing the web – Stop. Think. Click
  • Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on your computer.
  • Install a personal firewall on your computer.
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
  • Ensure the anti-virus software scans all e-mail attachments.


Scareware Not Swine Flu – An Epidemic Nevertheless!

Cyber crooks are continuing to develop and distribute “rogue software”, also known as “scareware”, at a furious pace; there are literally thousands of variants of this type of malware currently circulating on the Internet.

Unless you have had the bad experience of being trapped by this type of malicious software, you may not even be aware that such a class of software even exists. The average computer user that I speak with informally, has no idea that rogue applications even exist.  But they do, and distribution has now reached virtual epidemic proportions on the Internet.

It’s all about the money:

Rogue software is software that uses malware, or malicious tools, to advertise or install itself. After the installation of rogue software, false positives (fake or false malware detection warnings in a computer scan) are a primary method used to convince the unlucky user to purchase the product.

Rogue security software can write itself into multiple parts of the operating system, and in many cases it can hide its files, registry entries, running processes and services, making the infection virtually impossible to find and remove.

As well, the installation of such malware can lead to a critically disabled PC, or in the worst case scenario, allow hackers access to important personal and financial information.

(Current Internet infections – courtesy of Panda Security)

The highest rated articles on this Blog, in the last 12 months, have been those associated with this type of malicious software. It’s easy to see why.

So how much money is really involved here? Lots – according to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly through rogueware attacks.

(An example of a current rogue security application)

Recently, a reader of this Blog made the statement “These people (cyber criminals), should stop doing this and get a real job”. The obvious answer to this of course is – this is their real job! How many jobs – a relatively easy job at that – could produce this type of income?

The following two examples, taken from this Blog’s readers’ questions, illustrate the consequences of becoming infected by rogue security software.

Victim #1: What do you do if you were duped into buying the XP Antivirus software? Should I take any precautions such as canceling credit card and/or email passwords etc.? Is my home edition of avast! 4.8 Antivirus enough to keep me safe from bogus and/or rogue software???? Please help…my computer is my life! Thank you.

Victim #2: I unfortunately fell for the “virus attack” after trying to remove it, gave in and bought the XPAntivirus. They charged me not only for what I had bought but charged me again, $ 78.83 for something which I hadn’t ordered, nor ever received. It was a nightmare trying to get in touch with anybody.

I finally connected with a guy with an accent, who told me to E-mail the billing service re: my problem. I wrote them, tried to call, it’s been a week, and they still won’t contact me to clarify what occurred. I printed off a purchase order from them when I bought the XP which verifies what I received. Anybody know what state they’re in, I’ll notify the state’s attorney’s office. These people are crooks.

(These two readers were responded to privately.)

If you become infected by this, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so. The following removal solutions will be invaluable.

The individuals / companies, who wrote and developed these free tools, and who offer free removal advice, are to be congratulated for giving back, so freely, to the Internet community.

Without their generous efforts, those infected by rogue applications, would be faced, without the assistance of a professional, with the unenviable task of performing a complete system reinstall, with a strong probability of losing irreplaceable Hard Drive data.

Free resources:

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments


Caution – Trend Micro’s HouseCall Spoofed

The Internet is increasingly like the Wild West – at least the Wild West we’re used to seeing portrayed in the movies.

The strong, fast with a six shooter, secure tough hombres (read – informed), survive; while the weak, the insecure and the unarmed, (read – uninformed), get their butts kicked. Once again we have a situation where this scenario is likely to play out.

In the last six months or so, I have focused primarily on Internet security issues on this Blog, with a particular emphasis on the massive number of rogue security applications flooding the web.

Since not all security scanners are equal, or 100% effective, I have recommended, in a number of articles, that online scanners are a viable alternative to installed malware scanners as a double check to ensure computer systems are free of malware infections. One of the scanners I have always recommended is Trend Micro’s HouseCall.

Cyber-criminals, not satisfied with exploiting installable malware scanners, are now trying to exploit Trend Micro’s free online scanner HouseCall. The uninformed Internet user is, once again, the primary target of these cyber-criminals.

According to Trend Micro, a surfer using a search engine such as Google, with a search string such as, “free online virus scan by Trend Micro”, can end up on a spoofed version of HouseCall by clicking the link returned by Google. Not surprisingly, the spoofed site informs users their computers are infected with malware, and then teases them to purchase a fake anti-virus application in order to remove the fake threat.

Regular visitors to this site are aware of the substantial threat posed by rogue security applications. For more information on this issue, check out “Rogue Security Software on the Rise – What You Need to Know Now!” on this site.

Trend Micro advises all users to go to their website home page directly for product information and services, instead of clicking on links to individual pages brought up by search engines. This advice should, in fact, be followed for all searches.


Rogue Security Software – It’s All About the Money!

Cyber crooks are continuing to develop and distribute “rogue security software”, at a furious pace; there are literally thousands of variants of this type of malware circulating on the Internet.

Unless you have had the bad experience of installing this type of malicious software, you may not even be aware that such a class of software even exists. But it does, and it has now reached virtual epidemic proportions on the Internet.

Rogue security software is software that uses malware, or malicious tools, to advertise or install itself. After the installation of rogue security software, false positives (fake or false malware detection warnings in a computer scan) are a primary method used to convince the unlucky user to purchase the product.

Rogue security software can write itself into multiple parts of the operating system, and in many cases it can hide its files, registry entries, running processes and services, making the infection virtually impossible to find and remove.

As well, the installation of such malware can lead to a critically disabled PC, or in the worst case scenario, allow hackers access to important personal and financial information.

(Current Internet infections – courtesy of Panda)

The highest rated articles on this Blog, in the past few weeks, have been those associated with this type of malicious software. It’s easy to see why.

According to Luis Corrons, technical director of PandaLabs, “more than 30 million users have been infected by this new wave of fake antivirus programs”. This begs the question – why infect Internet users’ computers in this way?

Money – and lots of it. As Corrons explains, “extrapolating from an average price of €49.95, we can calculate that the creators of these programs are receiving more than €11 million (U.S. $15 million), per month”.

(An example of a rogue security application)

Recently, a reader of this Blog made the statement “These people (cyber criminals), should stop doing this and get a real job”. The obvious answer to this of course is – this is their real job! How many jobs – a relatively easy job at that – could produce this type of income?

The following two examples, taken from this Blog’s readers’ questions, illustrate the consequences of becoming infected by rogue security software.

Victim #1: What do you do if you were duped into buying the XP Antivirus software? Should I take any precautions such as canceling credit card and/or email passwords etc.? Is my home edition of avast! 4.8 Antivirus enough to keep me safe from bogus and/or rogue software???? Please help…my computer is my life! Thank you.

Victim #2: I unfortunately fell for the “virus attack” after trying to remove it, gave in and bought the XPAntivirus. They charged me not only for what I had bought but charged me again, $ 78.83 for something which I hadn’t ordered, nor ever received. It was a nightmare trying to get in touch with anybody.

I finally connected with a guy with an accent, who told me to E-mail the billing service re: my problem. I wrote them, tried to call, it’s been a week, and they still won’t contact me to clarify what occurred. I printed off a purchase order from them when I bought the XP which verifies what I received. Anybody know what state they’re in, I’ll notify the state’s attorney’s office. These people are crooks.

If you are a victim of Rogue Security Software, the following removal solutions will be invaluable. The individuals/companies, who wrote and developed these free tools, are to be congratulated for giving back, so freely, to the Internet community.

Without their generous efforts, those infected by rogue applications, would be faced with the unenviable task of performing a complete system reinstall, with a strong probability of losing irreplaceable Hard Drive data.

(An example of a rogue security application)

Rogue applications removal solutions are freely available at:

Bleeping Computer is a web site where help is available for many computer related problems, including the removal of rogue software.

Rogue Fix at Internet Inspiration.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure. RogueRemover will safely remove a number of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue security software:

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications where exposure to rogue security applications is widespread.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Antivirus and anti-spyware are not the only rogues, and fake popup warnings are not the only method of attack – read “Have Your PC Running Like New — Not!” on TechPaul’s site, for a great post on other methods cyber criminals use to infect unwary users’ computers.


Antivirus 2009 – Five Removal Solutions

These days it seems, my email inboxes are overflowing with email scams, and no doubt you are seeing the same thing happening in your email inbox.

Email scams work because the cyber-crooks responsible for these scams are experts at using social engineering as the hook. They rely on the fact that we are a curious species on the one hand, and that we are easily frightened by the unknown, on the other hand.

Currently, rogue security developers (cyber-crooks), are combining both of these powerful persuaders, to convince unaware Internet users to download a harmful fake anti-virus/anti-spyware program, Antivirus 2009, which in reality causes the problem that it supposedly solves.

The very familiar bogus celebrity scandal email link is the teaser, which when activated launches a “your computer is infected with a virus” message screen. Clicking on the accompanying ad for a free anti-malware removal program, will download a Trojan horse which will install Antivirus 2009; rogue security software that launches fake malware detection warnings.

Rogue security applications, and there seems to be an epidemic of them on the Internet, including Antivirus 2009, have been developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

The majority of typical Internet users I speak with are not aware that such a class of software even exists. But it does; and regrettably, it is becoming more widespread. An email scam is not the only method by which this parasitic software can be installed on a user’s system.

Just like its predecessor, Antivirus 2008, this particular rogue security software’s installer (ZLOB/MediaAccess Codec) can be found on adult websites, or it can be installed manually from rogue security software websites like antivirus-scanner.com, or antivirus2009.com.

If the full program fee is not paid, XP Antivirus 2009 continues to run as a background process, incessantly reporting those fake or false malware detection warnings. To really try your patience, this rogue security software cannot be uninstalled using the Windows Add/Remove Programs tool. Unfortunately, even if an unaware user pays for this rogue security software, the program will continue to run.

Here are some typical comments from a few of this Blog’s readers which will give you an indication of how destructive this rogue software is:

“My home computer is infected with the xp antivirus 2009 rogue software. It has grown like a cancer and has attacked my .dll files and I no longer can use my Internet Explorer to log on to the internet. I was told by a customer support person at Dell computer that eventually it will destroy all my files and I’ll have nothing but a blue screen. I’ve tried several removal tools that require you to buy their full program and since I can’t get on the internet I’m dead in the water. Is there any free program that actually works? I’ve tried PC Tools, Avira, Spy Hunter, a Squared & others. HELP!!!”

“I also purchased this software out of fear and they are continuing to bill my account for charges I did not authorize. I have called the billing company and emailed them without success. I just got off the phone with a foreign country who told me he couldn’t help me even though they say they can help 24-7. I contacted my bank 2 days ago and found out I had to wait till they received the order and I was charged (at that time the charges were pending). The charges were removed yesterday and back on today with additional charges. Anybody got any ideas how to stop this. I emailed the FTC and plan to call them tomorrow”.

“What an awesome page this is, thank you. Unbelievable what this thing did to my laptop. No access to task manager, no access to “my computer”. Pop-ups everywhere. Tried spybot, fixwareout, HijackThis to no avail. Might as well not have had Black Ice and Norton. Somehow I maintained the presence of mind to realize I was getting seriously bent over. I swear to God “breaking on the wheel” is a good punishment for these psychopaths. Luckily I keep most of the important stuff, including a script I’m writing, externally, so I re-formatted (2X). I know, NOT a good solution for people with all their stuff on the C drive. I’ll try the freeware, but basically I’m going to keep myself prepared as much as possible to have to scrub the hard drive at a moment’s notice. Bastards”.

Solutions:

Rogue Fix at Internet Inspiration

SmitFraudFix available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

Bleeping Computer is a web site where help is available for many computer related problems, including the removal of rogue software.

Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure. RogueRemover will safely remove a number of rogue security applications.

If you are an advanced computer user, check out “XP Antivirus 2008/2009 – Advanced User Removal Solution” on this Blog.

What you can do to reduce the chances of infecting your system with rogue security software:

  • An absolute necessity is to make sure that any security application you are considering installing is recognized as legitimate by industry experts. An excellent web site that will keep you in the loop, and advise you what products work and have a deserved reputation for quality performance is Spyware Warrior.
  • Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
  • Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications where exposure to rogue security applications is widespread.
  • Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on that offers substantial protection against questionable or unsafe websites.
  • Do not click on unsolicited invitations to download software of any kind.
  • Be kind to your friends, relatives, and associates and let them know that all of the above dangers are now epidemic on the Internet. That way, you raise the level of protection for all of us.


Don’t Download AntiSpywareMaster – Rogue Security Software!

Most of us go into curiosity mode when we surf the Internet. One of the keys to the success of the web is that it can, in fact, satisfy our curiosity about almost anything we can think of. Over time we have learned to satisfy this curiosity simply by a mouse click here, and a mouse click there.

So, if you were interested in anti-malware security software, (most surfers are), how likely is it that you would click on the following piece of advertising that states –

“AntiSpywareMaster guarantees your safety online proving reliable non-stop protection of your computer thanks to unique combination of features the most effective ones to ensure the best antivirus defense of PC. (Find out more)”. Given our web-induced curiosity, the chances are that at least some surfers will click on this.

In reality, however, if you had clicked on this particular ad, you would have begun the process of infecting your computer with malware (AntiSpywareMaster) that, in the end, would attempt to convince you to spend $30 – $50 to remove false positives: fake or false malware detection warnings that this program is designed to install on your machine.

AntiSpywareMaster, released within the last few days, is rogue security software that uses false advertising (frequently on free download, Warez and porn websites), malware, or malicious tools to install itself. As is usually the case with rogue software, after installation AntiSpywareMaster will attempt to force users to pay for removal of nonexistent spyware.

Luis Corrons, technical director of PandaLabs, the center of Panda Security’s technical support services, in describing AntiSpywareMaster states, “When we analyzed this malicious code we found a file containing information about the infections to display. So, seemingly, this anti-spyware already knows the malicious code it will detect, before it has even begun to scan the computer! Evidently, this is a malicious program.”

Generally, reputable anti-spyware software is capable of detecting rogue software when it attempts to install, or during a malware scan. But this is not always the case. Anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

A good partial solution to this problem is to ensure you have installed, and are running, an anti-malware application such as ThreatFire 3, free from PC Tools. This type of program uses heuristics, or behavioral analysis, to identify newer threats.

As well, Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure. RogueRemover will safely remove WinAntiSpyware/WinAntiVirus, SpyAxe, VirusBlast, VirusBursters, as well as a number of other rogue applications.

An absolute must is making sure that the security application you are considering installing is recognized as legitimate by industry experts. An excellent web site that will keep you in the loop, and advise you what products work and have a deserved reputation for quality performance is Spyware Warrior.

Some current rogue software:

  • AntiVirGear
  • AntiVirusGold
  • Cleanator
  • DriveCleaner
  • EasySpywareCleaner
  • InfeStop
  • Malware Alarm
  • PCSecureSystem
  • PestTrap
  • SpyAxe
  • Spylocked
  • SpySheriff
  • SpySpotter
  • Spyware Quake
  • Spyware Stormer
  • Spy-Rid
  • System Live Protect
  • UltimateCleaner
  • VirusHeat
  • VirusProtectPro
  • WinAntivirus2006
  • WinFixer

Always remember of course, that you are your greatest line of defense against malware. STOP. THINK. CLICK.


Rogue Security Software On The Rise – What You Need to Know Now!

If the day should ever come when anti-malware applications achieve a 100% effective rate in the detection of malware, or software developers develop operating systems and applications that are fully malware resistant, I’ll have to find something else to Blog about! It doesn’t look like that day is likely to happen soon, however. In the meantime, many of us will continue to download and test/try out the latest, greatest, and newest anti-malware tools.

Knowing this, cyber-crooks will continue to develop and distribute “rogue security software”. Unless you have had the bad experience of installing this type of malicious software, you may not be aware that such a class of software even exists. But it does.

Rogue security software is software that uses malware, or malicious tools, to advertise or install itself. Often, after installation on a system, an attempt is made to force users to pay for removal of nonexistent spyware. Rogue software will often install and use a Trojan horse to download a trial version, or it will perform other detrimental actions on a machine, such as slowing down the computer drastically.

After installation of rogue security software, false positives (fake or false malware detection warnings in a computer scan) are the primary method used to convince the unlucky user to purchase the product. After all, a dialogue box that states “WARNING! Your computer is infected with spyware! – Buy [XYZ] to remove it!” is a powerful motivator. Clicking on the OK button takes the user to the product download site.

Another warning message typical of rogue anti-spyware software is as follows: “System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution”.

Generally, reputable anti-spyware software is capable of detecting rogue software when it attempts to install, or during a malware scan. But this is not always the case. Anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

A good partial solution to this problem is to ensure you have installed, and are running, an anti-malware application such as ThreatFire3, free from PC Tools. This type of program uses heuristics, or behavioral analysis, to identify newer threats.

As well, Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure. RogueRemover will safely remove WinAntiSpyware/WinAntiVirus, SpyAxe, VirusBlast, VirusBursters, as well as a number of other rogue applications.

Download from MajorGeeks.com

An absolute must is to make sure that the security application you are considering installing is recognized as legitimate by industry experts. An excellent web site that will keep you in the loop, and advise you what products work and have a deserved reputation for quality performance is Spyware Warrior.

Some current rogue software includes:

  • AntiVirGear
  • AntiVirusGold
  • Cleanator
  • DriveCleaner
  • EasySpywareCleaner
  • InfeStop
  • Malware Alarm
  • PCSecureSystem
  • PestTrap
  • SpyAxe
  • Spydawn
  • Spylocked
  • SpySheriff
  • SpySpotter
  • Spyware Quake
  • Spyware Stormer
  • Spy-Rid
  • System Live Protect
  • UltimateCleaner
  • VirusHeat
  • VirusProtectPro
  • WinAntivirus2006
  • WinFixer

Always remember of course, that you are your greatest line of defense against malware. STOP. THINK. CLICK.
