Total Security 2009 – PandaLabs Fights Back by Offering Free Serial Numbers

Once again ransomware is on the loose; but it’s a little bit different this time around. In previous versions of this type of malware, after installation, the victim was informed that the computer’s files had been encrypted and a decrypting tool had to be purchased from the cyber-criminal in order to decrypt the affected files.

Now we have another new form of ransomware to deal with. Cyber criminals are now combining rogueware with ransomware, enabling them to hijack users’ information and block computer use.

Courtesy of PandaLabs:

PandaLabs, Panda Security‘s malware analysis and detection laboratory, has identified a new, more aggressive trend cyber criminals are using to sell fake anti-virus programs, otherwise known as rogueware. Cyber criminals are now combining rogueware with ransomware, hijacking users’ computers and rendering them useless until victims purchase fake anti-virus programs.

The fake program that PandaLabs has discovered, called Total Security 2009, is being offered to victims for approximately $79.95. Victims can also purchase ‘premium’ tech support services for an additional $19.95.

Users who pay the ransom receive a serial number that releases all files and executables, allowing them to work normally and recover their information. The fake anti-virus, however, remains on their systems.

PandaLabs has published a list of serial numbers that victims can use to unblock their computers, as well as a video demonstrating how this scam operates. To obtain a serial number click here.

Previously, when computers were infected by this type of malware, users would typically see a series of warnings prompting them to buy a paid version of the program. The new method of selling rogueware blocks users’ attempts to run programs or open documents, displaying a message falsely informing them that all files on their computers are infected and the only solution is to buy fake anti-virus.

“Users are often infected unknowingly – in most cases through visiting hacked Web sites. Once a computer is infected, it is extremely difficult to eliminate the threat, even for those with a certain degree of technical knowledge,” said Luis Corrons, technical director of PandaLabs.

“Users are also prevented from using any type of detection or disinfection tool, as all programs are blocked. The only application that can be used is the Internet browser, conveniently allowing the victim to pay for the fake anti-virus. For this reason, on the PandaLabs blog, we have published the serial numbers required to unblock the computer if it has been hijacked. Users can then install genuine security software to scan the computer in-depth and eliminate all traces of this fake anti-virus.”

“The way this rogueware operates presents a dual risk: First, users are tricked into paying money simply in order to use their computers; and second, these same users may believe that they have a genuine anti-virus installed on the computer, thereby leaving the system unprotected,” adds Corrons.

“This shift toward hijacking computers indicates either that users are becoming more adept at recognizing these threats or that security companies are beginning to close the gap on this highly sophisticated level of cybercriminal behavior. This would explain why hackers are becoming more aggressive in the methods used to force the victims into purchasing fake anti-virus programs.”

You can download a free trial of Panda Global Protection 2010 to completely remove the infection, once the ransomware feature is removed.

PandaLabs recently published a report about the lucrative business of rogueware. The report is available here.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Total Security 2009 Scareware – Panda Security Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at Total Security 2009, yet another example of the many fake antiviruses in circulation.

This type of malware passes itself off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate threats that actually do not exist.

Once installed on the target computer, Total Security displays a warning indicating that the computer is at risk.

Then, it simulates a system scan reporting a series of infections in order to scare users into buying the antivirus solution.

On finishing the scan, Total Security displays a screen offering a solution to the user’s problem. The solution consists of activating the fake antivirus.

However, to activate the product, users must pay a fee to the anti-malware vendor. After this, users receive a code they must enter in the program.

Once they do this, the malicious application stops displaying warnings about threats. This aims to make users believe they have actually bought an antivirus product, whereas, in reality, no infection has been removed and users are not protected against threats.

Total Security installs on computers just as if it were a legitimate security solution. It creates a shortcut in the desktop, another one in the program directory of the Start menu and a third one in the Add or Remove Programs section.

This malware can reach users in a variety of ways: through links in spam messages, downloaded from a malicious Web page, etc. Once run, the program launches the installation process.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you become infected by this, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide the tools and advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments
