Brainfoldb4u's Blog

Just another WordPress.com weblog

Archive for December 28th, 2009

Fake Antivirus Software list nov 2009

Posted by brainfoldb4u on December 28, 2009

Now a days it has become more common for a computer users to receive  pop up from a legitimate website alerting them of a virus or trojans and offering anti-virus software to remove the virus, even though it is not. These pop us are actually created by skilled programmers turned hackers and cyber criminals for personal gain or just few extra bugs.These programs neither scan nor clean computers, and they are actually designed to persuade users that their computers are at risk and scare them into buying the “antivirus” product. They will insist us to install the solution they offer either for free or fewer bugs.

These type of fake antivirus program are widespread and are mostly used by internet criminals. According to Kaspersky labs they have identified more than 20,000 samples in the first half of 2009.  Anti-virus company “Symantec” have claimed to found 250 varieties of scam security software with legitimate sounding names like Anti virus 2010 and SpywareGuard 2008, and about 43 million attempted downloads in one year but did not know how many of the attempted downloads succeeded”  [Source: Symantec]

If we think how do these rouge programs end up on victim machines. Tailored Trojan horse can be used to download such rouge programs, or when a user visit a exploited website can perform a drive by download.  More often either by mistake or by enticement from cyber criminals this programs get into users computer. Criminals raising this software manages to hide the IP address of the page from which malware downloads and installs.

Kaspersky Lab has recently identified a technique used for the dynamic download of rogue antivirus programs. Here’s an example: a script on ********.net/online-j49/yornt.html generated a redirect address, http://******.mainsfile.com.com/index.html?Ref=’+encodeURIComponent (document.referrer). The address generated depended on how the user arrived at the page containing the script (done with the help of document.referrer), or, in other words, which site the user had previously viewed. In this case the redirect led to http://easyincomeprotection.cn/installer_90001.exe, a page hosting a new rogue antivirus program, FraudTool.Win32.AntivirusPlus.kv.

Once after downloading the program below are some symptoms and actions made to threaten the users

  • IF your computer is infected you will probably receive high number of fake warning alerts with increased pop-ups and hijack of your homepage. You can see your computer being usually slow compensating the performance.
  • Sometimes, to make it more convincing, a fake infected file will be installed on the computer together with the rouge antivirus and later the same fake infected file will be detected during the scanning.
  • Then the software will provide us with a recommendation to clean the virus (though you may not have one) in your computer for some money in return to their solution.
  • If user by any chance click the “remove virus” button then a new window will open asking them to purchase their fake product. If you made a choice to buy that software, different payment method like paypal, Amex, Visa  and bank accounts will be shown as if they were legitimate.

Some basic steps that users can take to prevent from more problem are

  • Rouge antivirus infection will not damage users machine, they are used by cyber criminals to make money from inexperienced users.
  • To not to get trapped, Google the antivirus name that comes up and check whether the name has an official site, technical support or phone support.
  • Beware that legitimate anti-virus companies (both commercial and open source) will not scan your computer for money. Never click the button “install”if you don’t know what the pop up says.

If you choose to get rid of the problem by yourself here are some basic steps  to identify the anti-virus and delete them. Uninstall the suspected anti-virus program using Add/Remove utility in the control panel. After removing the utility, restart your computer in safer mode. Then launch Microsoft security essential or firewall vendor of your choice to run a scan against system files and folders to remove the suspected applications. At situations you may need to remove it manually. Make sure to back up your important files. Press Ctrl + Alt + Del to bring up the task manager. Click on the fake anti-virus image name and choose to stop it from running. Go to Start, Run. Type regedit to start the Registry Editor, where you will drop the entries for WinAntiVirus. Browse to the Hkey_Local_Machine\Software folder from the My Computer folder and delete the series of Registry entries that are described under the fake anti-virus thread. Google and try to get as many as information about that virus and try to manually delete it from your windows folder, but make sure to stop the file processes in the task manager before you actually delete them.

PC Manufactures solution:

To protect your computer, try installing and running an up-to-date anti-virus product such as Microsoft Security Essentials, from microsoft ( look at my earlier article on Microsoft free Anti virus software), MSE provides real time protection against virus, trojan, spyware and adwares. Another option is to run a virus scan with the Windows Live OneCare safety scanner.  Microsoft’s Windows  defender can also be used to remove spyware and other potentially unwanted software from your computer.

Latest list of Rouge Antivirus softwares from Microsoft

Microsoft have released a list of significant threat that AV rogues had posed for our users this year.  Besides the prevalent rogues covered by the MSRT, the following is a longer list of AV rogues detected by Microsoft AV products such as Microsoft Security Essentials, Forefront Client Security, etc.

FakeXPA Winfixer FakeSmoke SpywareSecure
FakePowav FakeScanti Spyguarder IEDefender
MalwareBurn Cleanator AntivirusGold MalWarrior
UnSpyPc MalwareCrush SystemGuard2009 Malwareprotector
DriveCleaner PrivacyChampion WorldAntiSpy SpywareSoftStop
DocrorTrojan SystemLiveProtect Yektel AntiSpyZone




Antivirus2008 Winwebsec FakeSecSen FakeRean
PrivacyCenter FakeRemoc VirusRemover Antivirus2009
SpyLocked SpywareStormer Privacywarrior AntiSpywareDeluxe
Trojanguarder SecurityiGuard PrivacyProtector Searchanddestroy
MyBetterPC DoctorCleaner SpyBlast AlfaCleaner
NeoSpace UniGray FakeFreeAV WebSpyShield




InternetAntivirus WinSpywareProtect FakeSpypro AntiSpywareExpert
Antivirusxp Fakerednefed FakeCog VirusRanger
ErrorGuard Antispyware2008 AntiVirGear SpyDawn
SpyCrush EZCatch VaccineProgram UltimateFixer
Fakeav EvidenceEraser TrustCleaner WinHound
Spyaway Vaccine2008 SearchSpy Spyshield




SpySheriff FakeVimes FakeIA AdvancedCleaner
Antispycheck PCSave AntispyStorm FakePccleaner
SpywareIsolator PSGuard Antivirustrojan SpywareQuake
SpyFalcon SpywareStrike XDef WareOut
PrivacyRedeemer Nothingvirus AntiSpywareSoldier Kazaap
VirusConst AVClean AdsAlert SystemDefender




FakeSpyguard Fakeinit SpyAxe
SpyHeal AntiVirusPro Awola
VirusBurst CodeClean MyNetProtector
VirusRescue Spybouncer FakeWSC
TitanShield MalwareWar DoctorAntivirus
Easyspywarecleaner VirusHeat UltimateDefender

Source: Microsoft fake security Anti virus run up


This list from Microsoft has  new and recent rogues such as FakeXPA, FakeSecSen and FakeRean. It also contains some older rouges that are dated since 4 years such as Winfixer and SpySheriff.

Conclusion:

Unfortunately this programs are getting more common. Microsoft encourages PC users run a complete up to date Antivirus products such as Microsoft Security Essentials to protect their computers from these rogues.  Don’t believe any pop-ups other than Google search on your own. Awareness of the threat is very important. Have a look at some of these threats, get familiar with some of the names, screen shots and pass on the word to your friends and families.

Posted in Information Security, Virus | Tagged: | Leave a Comment »

Instapper, a very usefull iphone application!!

Posted by brainfoldb4u on December 28, 2009

Do you ever had a situation when are you well into a  blog or lengthy article but find no time to read when you first found them? Instapper is a cool Application that serves the purpose. Simply download the application to your iphone, add a bookmark to your browser’s toolbar on your PC, mac or Linux  and when you see an article that you would want to read later , select the bookmark and Instapper will save the web page. Do not forget to sync your application while you have internet access.

You will find this application very useful when on a plane, driving through an area with limited or no data connection or on the subway you still be able to read the article.

Just log on to instapper and create a account to get it running. You can also customize your setting with amazon kindle gadget and enjoy reading.

Read the rest of this entry »

Posted in Iphone | Tagged: , | 2 Comments »

Microsoft's free antivirus application

Posted by brainfoldb4u on December 28, 2009

when it comes to PC Security with all the over blowing virus stories it is hard to feel safe online. Security is still not a significant concern for majority of online users. An average/normal user will find no time to worry about the firewall checklist , outbound rules, security updates at every time he get to use his computer. And more over humans are more prone to mistakes by clicking the bad links, downloading an unknown files and executing it without scanning it, getting malware from other computer with pen drive, and example can be many to say.

So it’s no harm to learn about various options that we have in-order to choose a best antivirus software for our need also having an extra layer of protection isn’t completely pointless. Along with PC tools firewall +, Online armor, PC spyware doctor, Comodo Internet security there is another antivirus application from Microsoft and its completely free!! Yeah its a good news for Microsoft lovers. Microsoft has released their Security Essentials pack that has advantages in the landscape of antivirus software. It provides free protection against viruses, spyware and other malware without compensating the system performance like many other firewall applications does. When it comes to speed and routines, installing or running Microsoft’s security essential shows very small disruptions. Even when i tried to download some virus, it immediately identified and blocked them from causing harm.  So its worth trying,  give it a go and feel free to pass your comments if you need more info on how to install them or bugs to report

Microsoft security Essential pack review video

Given said few positives about Microsoft security essentials, its time to decide whether uninstall our other antivirus program that we are currently running or not.  Because it will ask you at the time of installation. But its a quiet simple installation process . Have a look at this video and have your say.

Posted in Firewall, Information Security, Security tools | Tagged: , , | Leave a Comment »