Tag Archives: Rogue Software

Scareware Video Codecs – Another Money Maker For The Bad Guys

Scareware and Rogue applications (essentially one and the same), once installed, are usually in the victim’s face with an immediate demand for money. “Pay me now, not later” is a common theme encountered by those unlucky enough to be trapped.

The ever creative malware clan though, which seems to be always tinkering with delivery methods, has just released a combo threat in an effort to enhance what is already a mature and lucrative business model.

This time around, the bad guys have combined the ever popular missing codec scam (see – Video Codecs – Gateways to Malware Infection – March 2010), with the more usual “Hey, you’re infected” scareware shakedown.

Initially, the unlucky victim gets the usual blunt, and very convincing warning – much like the one below.

[Screenshot – courtesy of GFI.]

You’ll notice, that unlike the usual “click here to buy” or similar come-on, the potential victim is simply instructed to “Remove all” Trojans. Sounds pretty upfront don’t you think? OK, maybe not to you as an experienced user but, what about your friends/relatives who aren’t as aware as you are? The sad reality is – the victims continue to pile up.

Unfortunately, clicking on “Remove all”, will install a series of malware infected files. The (innocent?) victim will not notice that he’s just been bamboozled – not yet. The victim won’t get the “but wait, there’s more” message, until the time comes to play a Web video.

[Screenshot – courtesy of GFI.]

And then – booom. Time to pay – as shown in the following screen shot.

[Screenshot – courtesy of GFI.]

Worth repeating:

If you are attempting to view a site’s video content, and you get a popup advising you that you need to download a new codec to enable viewing – DON’T.

Common sense should tell you, if a website does not recognize a standard codec, there is something wrong. Ask yourself this question; how long would a website stay in business if a visitor is required to download a specific codec to view content? The answer is clearly – not very long.

There is an epidemic of rogue software on the Internet, with much of it being delivered by the constantly evolving Zlob.Trojan, or the Zlob.Video Access Trojan, which are often hidden in fake, and malicious, codec downloads.
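An added example (not from the original post): a short Python triage of downloaded files for the pattern described above, where an executable is presented as a codec or a video. The extension lists, lure words, reason labels and sample files are assumptions constructed for illustration.

```python
"""Triage downloads for the "missing codec" lure (added example, assumptions labelled)."""
from pathlib import PureWindowsPath

# Assumed lists for illustration; extend them for your own environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi"}
MEDIA_EXTS = {".avi", ".mp4", ".mpg", ".mpeg", ".wmv", ".flv", ".mov", ".mkv"}
LURE_WORDS = ("codec", "player", "plugin")

PE_HEAD = b"MZ\x90\x00"  # every Windows PE executable starts with the bytes "MZ"


def display_name(filename):
    """Name as shown when Windows hides extensions for known file types."""
    p = PureWindowsPath(filename)
    if p.suffix.lower() in EXECUTABLE_EXTS | MEDIA_EXTS:
        return p.stem  # the final extension is not displayed
    return p.name


def triage(filename, head):
    """Return the reasons a download deserves a closer look (empty list = none)."""
    p = PureWindowsPath(filename)
    suffixes = [s.lower() for s in p.suffixes]
    last = suffixes[-1] if suffixes else ""
    is_pe = head[:2] == b"MZ"
    runnable = is_pe or last in EXECUTABLE_EXTS

    reasons = []
    # "clip.avi.exe" is displayed as "clip.avi" when extensions are hidden.
    if len(suffixes) >= 2 and last in EXECUTABLE_EXTS and suffixes[-2] in MEDIA_EXTS:
        reasons.append("double-extension")
    # The content is a program even though the name claims to be a video.
    if is_pe and last in MEDIA_EXTS:
        reasons.append("pe-behind-media-extension")
    # A genuine codec pack installer also matches here, so a hit means
    # "check where this came from", not "this is malware".
    if runnable and any(word in p.name.lower() for word in LURE_WORDS):
        reasons.append("lure-named-executable")
    return reasons


def scan(downloads):
    """Map each flagged file name to its list of reasons."""
    flagged = {}
    for name, head in downloads:
        reasons = triage(name, head)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample data: (file name, first bytes of the file).
SAMPLES = [
    ("holiday_clip.avi.exe", PE_HEAD),
    ("VideoCodec_setup.exe", PE_HEAD),
    ("trailer.wmv", PE_HEAD),
    ("concert.avi", b"RIFF\x00\x00\x00\x00AVI "),
    ("report.pdf", b"%PDF-1.4"),
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(f"{display_name(name):24} <- {name:24} {', '.join(reasons)}")
```

A file that was fetched because a web page said a codec was missing, and that lands in any of these three buckets, is the case the article warns about.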

Some good advice from popular guest writer Mark Schneider – “My general rule of thumb for video is: If VLC won’t play it don’t bother.”

So that you can avoid the “missing codec scam”, and to ensure that you have a full set of codecs on your computer, consider downloading one of the following free codec packs. With a full set of codecs installed on your computer, any request to download a site specific codec, should be viewed with suspicion.

Windows Essentials Codec Pack – Windows Essentials Media Codec Pack provides a set of software codecs for viewing and listening to many forms of media in Windows Media Player. While this program merely enhances a media player, it does a fine job of accommodating many different and unusual types of videos and music.

Download at: Download.com

The K-Lite Codec Pack – There are several different variants of the K-Lite Codec Pack, ranging from a very small bundle that contains only the most essential decoders, to a larger and more comprehensive bundle.

Download at: Codec Guide.com

Media Player Codec Pack – The Media Player Codec Pack is a simple to install package of codecs/filters/splitters used for playing back music and movie files. After installation, you will be able to play 99.9% of files through your media player, along with XCDs, VCDs, SVCDs and DVDs.

Download at: Download.com


To Watch This Video You Need To Install A Codec – DON’T DO IT!


If you are attempting to view a site’s video content, and you get a popup advising you that you need to download a new codec to enable viewing – DON’T.

A favorite method used by cyber criminals to drop malware on unsuspecting users’ computers, is the requirement that you must first download a “missing” codec, to enable viewing.

If you’re curious, or you’re not convinced that this is a potentially dangerous scenario – go ahead and click. But, before you do, make sure you have:

A current backup CD/DVD, or other media, containing your irreplaceable files – you’re probably going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if you’re lucky), drivers that were written specifically for your peripherals.

You can save yourself all this trouble, and heartache, just by one simple action, or more properly; by a single inaction. Don’t click!

It’s possible of course, that you may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature database recognizes the intruder as malware.

But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

Consider this: Currently there is an epidemic of so called “rogue software”, on the Internet, with much of it being delivered by the constantly evolving Zlob.Trojan, or the Zlob.Video Access Trojan, which are often hidden in fake, and malicious, codec downloads.

As the following screen captures illustrate, there is a wide variance in these invitations to install a missing, or “required” codec.

[Four screen captures of fake “missing codec” install prompts]

Common sense should tell you, if a website does not recognize a standard codec, there is something wrong. Ask yourself this question; how long would a website stay in business if a visitor is required to download a specific codec to view content? The answer is clearly – not very long.

Don’t be the type of person who clicks indiscriminately at every opportunity to do so. If you do, I guarantee you – your computer will be infected within minutes.

To ensure that you have a full set of codecs on your computer, consider downloading one of the following free codec packs. With a full set of codecs installed on your computer, any request to download a site specific codec, should be viewed with suspicion.

Windows Essentials Codec Pack – Windows Essentials Media Codec Pack provides a set of software codecs for viewing and listening to many forms of media in Windows Media Player. While this program merely enhances a media player, it does a fine job of accommodating many different and unusual types of videos and music.

Download at: Download.com

The K-Lite Codec Pack – There are several different variants of the K-Lite Codec Pack, ranging from a very small bundle that contains only the most essential decoders, to a larger and more comprehensive bundle.

Download at: Codec Guide.com

Media Player Codec Pack – The Media Player Codec Pack is a simple to install package of codecs/filters/splitters used for playing back music and movie files. After installation, you will be able to play 99.9% of files through your media player, along with XCDs, VCDs, SVCDs and DVDs.

Download at: Download.com


Video Codecs – Gateways to Malware Infection

If you are attempting to view a site’s video content, and you get a popup advising you that you need to download a new codec to enable viewing – DON’T.

A favorite method used by cyber-criminals to drop malware on unsuspecting users’ computers, is the requirement that you must first download a “missing” codec, to enable viewing.

If you’re curious, or you’re not convinced that this is a potentially dangerous scenario – go ahead and click. But, before you do, make sure you have:

A current backup CD/DVD, or other media, containing your irreplaceable files – you’re probably going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if you’re lucky), drivers that were written specifically for your peripherals.

You can save yourself all this trouble, and heartache, just by one simple action, or more properly; by a single inaction. Don’t click!

It’s possible of course, that you may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature database recognizes the intruder as malware.

But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

Consider this: Currently there is an epidemic of so called “rogue software”, on the Internet, with much of it being delivered by the constantly evolving Zlob.Trojan, or the Zlob.Video Access Trojan, which are often hidden in fake, and malicious, codec downloads.

As the following screen captures illustrate, there is a wide variance in these invitations to install a missing, or “required” codec.

[Four screen captures of fake “missing codec” install prompts]

Common sense should tell you, if a website does not recognize a standard codec, there is something wrong. Ask yourself this question; how long would a website stay in business if a visitor is required to download a specific codec to view content? The answer is clearly – not very long.

Don’t be the type of person who clicks indiscriminately at every opportunity to do so. If you do, I guarantee you – your computer will be infected within minutes.

To ensure that you have a full set of codecs on your computer, consider downloading one of the following free codec packs. With a full set of codecs installed on your computer, any request to download a site specific codec, should be viewed with suspicion.

Windows Essentials Codec Pack – Windows Essentials Media Codec Pack provides a set of software codecs for viewing and listening to many forms of media in Windows Media Player. While this program merely enhances a media player, it does a fine job of accommodating many different and unusual types of videos and music.

Download at: Download.com

The K-Lite Codec Pack – There are several different variants of the K-Lite Codec Pack, ranging from a very small bundle that contains only the most essential decoders, to a larger and more comprehensive bundle.

Download at: Codec Guide.com

Media Player Codec Pack – The Media Player Codec Pack is a simple to install package of codecs/filters/splitters used for playing back music and movie files. After installation, you will be able to play 99.9% of files through your media player, along with XCDs, VCDs, SVCDs and DVDs.

Download at: Download.com


Patrick Swayze’s Death – An Opportunity For Hackers

Dirty Dancing star Patrick Swayze, as most people are now aware, passed away several days ago, and it hasn’t taken long for cyber crooks to use this to their advantage. Cybercriminals have jumped on this information, and are already exploiting this sad event.

Searching for news of Swayze’s death has multiple risks attached, including the risk of landing on an infected web site, which can lead to the downloading of “scareware” – fake security software.

Scareware is now recognized, by security experts, as the single most profitable money maker for cybercriminals, with thousands of users falling victim to scareware scams every day.

Cybercriminals are experts at exploiting our natural curiosity surrounding current events, and by focusing on this aspect of social engineering, they are increasingly creating opportunities designed to drop malicious code, including rootkits, password stealers, Trojan horses, spam bots, and of course scareware, on our computers.

If an event is newsworthy, or it’s titillating in any way, you can be sure cybercriminals are exploiting it for their own advantage. A case in point: Serena Williams’ disgraceful behavior at the US Open, is currently being used by cybercriminals to trap victims into downloading rogueware.

I highly recommend that you watch the following YouTube video (courtesy of Sophos), which illustrates just how easy it is for the bad guys to trap unprepared computer users into downloading rogue software.

[Embedded YouTube video – courtesy of Sophos]

Save yourself from being victimized by scareware, or other malware, and review the following actions you can take to protect your Internet connected computer system:

  • When surfing the web – Stop. Think. Click
  • Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on your computer.
  • Install a personal firewall on your computer.
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
  • Ensure the anti-virus software scans all e-mail attachments.


Scareware Not Swine Flu – An Epidemic Nevertheless!

Cyber crooks are continuing to develop and distribute “rogue software”, also known as “scareware”, at a furious pace; there are literally thousands of variants of this type of malware currently circulating on the Internet.

Unless you have had the bad experience of being trapped by this type of malicious software, you may not even be aware that such a class of software even exists. The average computer user that I speak with informally, has no idea that rogue applications even exist.  But they do, and distribution has now reached virtual epidemic proportions on the Internet.

It’s all about the money:

Rogue software is software that uses malware, or malicious tools, to advertise or install itself. After the installation of rogue software, false positives (fake or false malware detection warnings in a computer scan) are a primary method used to convince the unlucky user to purchase the product.

Rogue security software can write itself into multiple parts of the operating system, and in many cases it can hide its files, registry entries, running processes and services, which often makes the infection virtually impossible to find and remove.

As well, the installation of such malware can lead to a critically disabled PC, or in the worst case scenario, allow hackers access to important personal and financial information.

(Current Internet infections – courtesy of Panda Security)

The highest rated articles on this Blog, in the last 12 months, have been those associated with this type of malicious software. It’s easy to see why.

So how much money is really involved here? Lots – according to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly through rogueware attacks.

(An example of a current rogue security application)

Recently, a reader of this Blog made the statement “These people (cyber criminals), should stop doing this and get a real job”. The obvious answer to this of course is – this is their real job! How many jobs – a relatively easy job at that – could produce this type of income?

The following two examples, taken from this Blog’s readers’ questions, illustrate the consequences of becoming infected by rogue security software.

Victim #1 – What do you do if you were duped into buying the XP Antivirus software? Should I take any precautions such as canceling credit card and/or email passwords etc.? Is my home edition of avast! 4.8 Antivirus enough to keep me safe from bogus and/or rogue software???? Please help…my computer is my life! Thank you.

Victim #2 – I unfortunately fell for the “virus attack” after trying to remove it, gave in and bought the XPAntivirus. They charged me not only for what I had bought but charged me again, $ 78.83 for something which I hadn’t ordered, nor ever received. It was a nightmare trying to get in touch with anybody.

I finally connected with a guy with an accent, who told me to E-mail the billing service re: my problem. I wrote them, tried to call, it’s been a week, and they still won’t contact me to clarify what occurred. I printed off a purchase order from them when I bought the XP which verifies what I received. Anybody know what state they’re in, I’ll notify the state’s attorney’s office. These people are crooks.

(These two readers were responded to privately.)

If you become infected by this, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so. The following removal solutions will be invaluable.

The individuals / companies, who wrote and developed these free tools, and who offer free removal advice, are to be congratulated for giving back, so freely, to the Internet community.

Without their generous efforts, those infected by rogue applications, would be faced, without the assistance of a professional, with the unenviable task of performing a complete system reinstall, with a strong probability of losing irreplaceable Hard Drive data.

Free resources:

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments


Caution – Trend Micro’s HouseCall Spoofed

The Internet is increasingly like the Wild West – at least the Wild West we’re used to seeing portrayed in the movies.

The strong, fast with a six shooter, secure tough hombres (read – informed), survive; while the weak, the insecure and the unarmed, (read – uninformed), get their butts kicked. Once again we have a situation where this scenario is likely to play out.

In the last six months or so, I have focused primarily on Internet security issues on this Blog, with a particular emphasis on the massive number of rogue security applications flooding the web.

Since not all security scanners are equal, or 100% effective, I have recommended, in a number of articles, that online scanners are a viable alternative to installed malware scanners as a double check to ensure computer systems are free of malware infections. One of the scanners I have always recommended is, Trend Micro’s HouseCall.

Cyber-criminals, not satisfied with exploiting installable malware scanners, are now trying to exploit Trend Micro’s free online scanner HouseCall. The uninformed Internet user is, once again, the primary target of these cyber-criminals.

According to Trend Micro, a surfer using a search engine such as Google, with a search string such as, “free online virus scan by Trend Micro”, can end up on a spoofed version of HouseCall by clicking the link returned by Google. Not surprisingly, the spoofed site informs users their computers are infected with malware, and then teases them to purchase a fake anti-virus application in order to remove the fake threat.

Regular visitors to this site are aware of the substantial threat posed by rogue security applications. For more information on this issue, check out “Rogue Security Software on the Rise – What You Need to Know Now!” on this site.

Trend Micro advises all users to go to their website home page directly for product information and services, instead of clicking on links to individual pages brought up by search engines. This advice should, in fact, be followed for all searches.


Rogue Security Software – It’s All About the Money!

Cyber crooks are continuing to develop and distribute “rogue security software”, at a furious pace; there are literally thousands of variants of this type of malware circulating on the Internet.

Unless you have had the bad experience of installing this type of malicious software, you may not even be aware that such a class of software even exists. But it does, and it has now reached virtual epidemic proportions on the Internet.

Rogue security software is software that uses malware, or malicious tools, to advertise or install itself. After the installation of rogue security software, false positives (fake or false malware detection warnings in a computer scan) are a primary method used to convince the unlucky user to purchase the product.

Rogue security software can write itself into multiple parts of the operating system, and in many cases it can hide its files, registry entries, running processes and services, making the infection virtually impossible to find and remove.

As well, the installation of such malware can lead to a critically disabled PC, or in the worst case scenario, allow hackers access to important personal and financial information.

(Current Internet infections – courtesy of Panda)

The highest rated articles on this Blog, in the past few weeks, have been those associated with this type of malicious software. It’s easy to see why.

According to Luis Corrons, technical director of PandaLabs, “more than 30 million users have been infected by this new wave of fake antivirus programs”. This begs the question – why infect Internet users’ computers in this way?

Money – and lots of it. As Corrons explains “extrapolating from an average price of €49.95, we can calculate that the creators of these programs are receiving more than €11 million (U.S. $15 million), per month”.

(An example of a rogue security application)

Recently, a reader of this Blog made the statement “These people (cyber criminals), should stop doing this and get a real job”. The obvious answer to this of course is – this is their real job! How many jobs – a relatively easy job at that – could produce this type of income?

The following two examples, taken from this Blog’s readers’ questions, illustrate the consequences of becoming infected by rogue security software.

Victim #1 – What do you do if you were duped into buying the XP Antivirus software? Should I take any precautions such as canceling credit card and/or email passwords etc.? Is my home edition of avast! 4.8 Antivirus enough to keep me safe from bogus and/or rogue software???? Please help…my computer is my life! Thank you.

Victim #2 – I unfortunately fell for the “virus attack” after trying to remove it, gave in and bought the XPAntivirus. They charged me not only for what I had bought but charged me again, $ 78.83 for something which I hadn’t ordered, nor ever received. It was a nightmare trying to get in touch with anybody.

I finally connected with a guy with an accent, who told me to E-mail the billing service re: my problem. I wrote them, tried to call, it’s been a week, and they still won’t contact me to clarify what occurred. I printed off a purchase order from them when I bought the XP which verifies what I received. Anybody know what state they’re in, I’ll notify the state’s attorney’s office. These people are crooks.

If you are a victim of Rogue Security Software, the following removal solutions will be invaluable. The individuals/companies, who wrote and developed these free tools, are to be congratulated for giving back, so freely, to the Internet community.

Without their generous efforts, those infected by rogue applications, would be faced with the unenviable task of performing a complete system reinstall, with a strong probability of losing irreplaceable Hard Drive data.

(An example of a rogue security application)

Rogue applications removal solutions are freely available at:

Bleeping Computer is a web site where help is available for many computer related problems, including the removal of rogue software.

Rogue Fix at Internet Inspiration.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

Malwarebytes, a reliable anti-malware company has created a free application to help keep you safe and secure. RogueRemover will safely remove a number of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue security software:

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications where exposure to rogue security applications is widespread.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on that offers substantial protection against questionable or unsafe websites.

Antivirus and anti-spyware are not the only rogues, and fake popup warnings are not the only method of attack – read “Have Your PC Running Like New — Not!” on TechPaul’s site, for a great post on other methods cyber criminals use to infect unwary users’ computers.
