PAntispyware09 is a new rogue anti-spyware application and a clone of MsAntispyware2009. It will give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove threats which do not exist.


Antivirus09 (or Antivirus’09) is a new rogue that follows the normal rogue procedure. It is distributed through a web page that presents the user with a fake online scanner.



Buyers Beware

by Erin on March 13th, 2009 in Lavasoft Products, Security Alerts.

A word of caution to all of you online shoppers browsing the Web for the best buys: if it looks too good to be true, it just may be.

We’ve recently come across a website that is misrepresenting itself as a Lavasoft affiliate, and selling copies of our Ad-Aware Pro software that are not legitimate or supported by our company.


Be on the lookout: a new warning has been issued to consumers about economic stimulus scams via incoming e-mail and fraudulent websites.


Antispyware Pro 2009 is a new rogue anti-spyware application. It will give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove threats which don't exist.


Lavasoft Malware Labs recently took a closer look at an IP range full of hoax sites. A reverse IP lookup on 78.129.142.235 reveals around 200 fraudulent domains, which are hosted in the United Arab Emirates. Most of the sites hosted under 78.129.142.235 take advantage of the names of existing products from the security industry and other popular software. The examples below show how they try to make illegal domains look reliable.

hxxp://7zip-2009.info
hxxp://Directx-full.info
hxxp://Icq-full.info
hxxp://Messengerplus-2009.info
hxxp://Safari-full.info
hxxp://Winrar-2009.com
hxxp://Www-kaspersky.info


Today a new rogue called Spyware Fighter was discovered. It follows the normal pattern of false detections, trying to scare the user into buying a license to clean them.

Further, it has the classic user-friendly home page, available under a few similarly named domains.

SpywareFighter was added to detection in release 0146.0017.


Some new rogue anti-virus programs to be aware of... First up is XPVirusProtection, with a standard-looking website.


Antispyware3000 is a typical rogue. It shows a lot of false positives for files that do not even exist on the drive. However, for some reason, its full scan does not show these hits.


XP Police Antivirus is a new rogue anti-spyware application. It will give exaggerated threat reports on the compromised computer, then ask the user to purchase a registered version to remove threats which don't exist.


Win32.Worm.Waledac spreads itself using Valentine's Day "advertising" as the distribution method. It can be found on a website full of hearts with the text "Guess, which one is for you?", as picture 1 shows.

Picture 1


The business-oriented social networking site, LinkedIn, has had a recent bout with malware, as you may have seen by all of the buzz this week in the news headlines. As most of you who use them know, social networking sites, while having many advantages to users, have long been targeted by socially engineered scams, meaning you need to take care when roaming around on these types of sites.

In terms of the issues seen lately on LinkedIn, profiles on the site were created to act as a staging point for the distribution of 'FakeAlert' software. This malware serves typical scareware messages claiming that your machine is infected and that you should install the rogue anti-malware application that the warning message is peddling. Despite the FTC's recent efforts in tackling the scourge of rogueware, the fact that these applications continue to proliferate proves they still provide a significant return on investment for malware authors.

The LinkedIn profiles themselves consisted of links that claimed to lead to pornographic images/video content of various celebrities. Upon landing at these sites, victims were invited to install a codec to allow them to view the (non-existent) video; the file was not a video codec, but malware. This method of attack continues to prove extremely effective. The social engineering technique being applied is, sociologically, extremely interesting; despite users' increasing awareness of Internet safety (i.e. maintaining download discipline, avoiding untrustworthy sites, and generally being aware of the pitfalls when navigating the seedier side of the 'net), using a combination of celebrity and sex to entice continues to be effective.

On the plus side, LinkedIn.com has worked very quickly to deal with this threat; it's encouraging to observe the site administrators' rapid response time. When the scam first became apparent, many profiles were removed immediately. All of the malicious profiles that we located have now been cleaned up.