Scammers

davefrombc · #1 05-18-2011, 02:56 PM

Members of two other forums I'm in have been hit by a phony anti-virus that holds them for ransom by disabling their computers. It is a variant of one that was around last year , and is much more difficult to remove than last years version was because it re-directs executable files to itself so you can't just go into Safe Mode to run Malwarebytes or other programs to kill it . The phony A/V goes by several names, with XP Anti-virus 2011,Vista Anti-virus 2011, or Windows 7 Anti-Virus 2011 being the most common. All versions detect the OS you are running and pop up a fake warning and "scan" to sucker the unwary on clicking on it allowing it to install. If you get such a sudden virus warning and "scan" , just close your browser ..The usual source of the fake comes from web pages that have been hacked, so your favourite sports page , a page you go to in a search , or game site might be host to the scam. I have hit 3 sites now doing a search on aquarium related subjects. The scum also have attempted to sucker people through links on FaceBook and other social sites , and the occasional e-mail.
Here is an article I copied from another forum I'm in .. I don't know the original source , but it is a timely piece that needs to be read by all.

The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious.

In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.

Five years ago, it was pretty easy for criminals to sneak their code onto computers. There were plenty of browser bugs, and many users weren't very good at patching. But since then, the cat-and-mouse game of Internet security has evolved: Browsers have become more secure, and software makers can quickly and automatically push out patches when there's a known problem.

So increasingly, instead of hacking the browsers themselves, the bad guys try to hack the people using them. It's called social engineering, and it's a big problem these days. "The attackers have figured out that it's not that hard to get users to download Trojans," said Alex Stamos, a founding partner with Isec Partners, a security consultancy that's often called in to clean up the mess after companies have been hacked.

Social engineering is how the Koobface virus spreads on Facebook. Users get a message from a friend telling them to go and view a video. When they click on the link, they're then told that they need to download some sort of video playing software in order to watch. That software is actually a malicious program.

Social-engineering hackers also try to infect victims by hacking into Web pages and popping up fake antivirus warnings designed to look like messages from the operating system. Download these and you're infected. The criminals also use spam to send Trojans, and they will trick search engines into linking to malicious websites that look like they have interesting stories or video about hot news such as the royal wedding or the death of Osama bin Laden.

"The attackers are very opportunistic, and they latch onto any event that might be used to lure people," said Joshua Talbot, a manager with Symantec Security Response. When Symantec tracked the 50 most common malicious programs last year, it found that 56 percent of all attacks included Trojan horse programs.

In enterprises, a social-engineering technique called spearphishing is a serious problem. In spearphishing, the criminals take the time to figure out who they're attacking, and then they create a specially crafted program or a maliciously encoded document that the victim is likely to want to open -- materials from a conference they've attended or a planning document from an organization that they do business with.

With its new SmartScreen Filter Application Reputation screening, introduced in IE 9, Internet Explorer provides a first line of defense against Trojan horse programs, including Trojans sent in spearphishing attacks.

IE also warns users when they're being tricked into visiting malicious websites, another way that social-engineering hackers can infect computer users. In the past two years, IE's SmartScreen has blocked more than 1.5 billion Web and download attacks, according to Jeb Haber, program manager lead for SmartScreen.

Haber agreed that better browser protection is pushing the criminals into social engineering, especially over the past two years. "You're just seeing an explosion in direct attacks on users with social engineering," he said. "We were really surprised by the volumes. The volumes have been crazy."

When the SmartScreen warning pops up to tell users that they're about to run a potentially harmful program, the odds are between 25 percent and 70 percent that the program will actually be malicious, Haber said. A typical user will only see a couple of these warnings each year, so it's best to take them very seriously.

marie · #2 05-18-2011, 09:31 PM

I've been hit twice by that virus, it stopped me from using any basic computer functions until I downloaded their software (which I didn't do)..... I solved the problem once and for all by buying a Mac

midgetwaiter · #3 05-18-2011, 10:30 PM

Mac users are in for an ugly little surprise soon. Apple has finally captured enough market share that they are worth targeting.

http://www.zdnet.com/blog/bott/cryin...explosion/3351

marie · #4 05-18-2011, 10:35 PM

Quote:

Originally Posted by midgetwaiter

Mac users are in for an ugly little surprise soon. Apple has finally captured enough market share that they are worth targeting.

http://www.zdnet.com/blog/bott/cryin...explosion/3351

I have an antivirus for macs already downloaded, hopefully that will be enough

*edit* and no it's not called macprotector

Doug · #5 05-18-2011, 11:56 PM

Quote:

Originally Posted by midgetwaiter

Mac users are in for an ugly little surprise soon. Apple has finally captured enough market share that they are worth targeting.

http://www.zdnet.com/blog/bott/cryin...explosion/3351

From what I have read about it, its more unlikely than likely even if no anti virus is added, which I have done for my iMac anyways.

SeaHorse_Fanatic · #6 05-19-2011, 04:31 AM

I had the same problem with the earlier version called Systems Tools.

My wife Irene had her work laptop messed up bigtime with one of these nasty viruses.

They should take all these virus programmers and throw them in a cell with some convicts who are into S&M.

ALang · #7 05-19-2011, 04:12 PM

Pretty nasty.
People like me, who depends on Norton360 to protect me, feels helpless.
When Norton or Java or even Firefox upgrade downloads "are available to download now" for faster and better experience.
So what do I do?? I usually click on "yes".
How does one Know NOT to do that??
Anything else to tip us off that it's a malware??

davefrombc · #8 05-19-2011, 06:24 PM

If the message comes in an e-mail, don't click on the link.. It is a scam. I can't speak for how Norton does it , but Java usually announces in the task bar . Firefox usually has a clear announcement when you open it. Never click on an update announcement that pops up when you are just doing some surfing or visiting favourite websites. That scum a/v pops up as a virus warning and supposed scan as soon as you visit a compromised website .. 2 clues it is malware .. 1 ... it is not your a/v ( Norton ) warning and scanning , and 2 .... legitimate a/v's just pop up a warning there is a virus/ trojan, they don't start any kind of scan. Just close the browser if you get a popup like that .. don't click anything on the page .
If you get an e-mail supposedly from your bank , PayPal, E-bay , or any other business you deal with telling you there is a problem with your account and to go to a link , don't click it .. it is a scam.
To find out for certain if there is an update to a service , or you need to contact your bank , PayPal, etc. Open your browser and type in the address you know is legitimate ( from your favourites, for example) and see if they in fact have an update, or in case of some programs from the help or tools link in the program itself. Messages from your bank or credit card company are best dealt with by phoning them at their normal number , not from one in an e-mail.
If you get messages supposed to be from friends pointing to a website or download , treat it with suspicion unless you are expecting the message . Make sure before opening a file or visiting a webpage in such mailings .
Basically , be a little paranoid of any mail with links, and " update" notifications that are out of the ordinary..

ALang · #9 05-19-2011, 11:44 PM

Thanks for the info.