Blog
The fight against fake security software intensifies: The US government to shut down roque software sellers
Sun 21 Dec 2008 09:03:02 AM UTC — Esa S.More than 6 months ago we saw a new fast emerging security threat: fake security software. The sellers of these systems scare Internet users by running a "scan" looking for security problems, and reporting false evidence of viruses, spyware and illegal pornography. The unaware user is then led to a page where he or she needs to buy a license of the bogus software to remove the non-existing problems.
We are are delighted to see that the the US government has moved to shut down sellers of fake security software. The Federal Trade Commission (FTC) has won a restraining order that stops several sellers of "scareware" from continuing to trade.
Millions of people are thought to have been caught out by these fake security products: WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus - familiar names to active WOT members. Read the full story at http://news.bbc.co.uk/1/hi/technology/7779223.stm
Good news..
Hopefully they do it quickly.. But wont most of these fake companies just move to another country? Hopefully even more reduction in spam as a result..
Peace
---------
Jared Gray
Wow
I'm really glad to hear this. Just a few days ago I found that stupid antivirus website where it puts a message behind your browser window to make it look like it's a computer message, and it says: "Do you want to scan your computer for spyware and viruses?(recommended)" And then even if you click no, takes you to a web page attempting to fool you into thinking it's scanning your computer and found like 48 threats. It says of course, to fix these "threats" you need to download their software, which is obviously a virus.
WOT ROCKS!
An example of fake security software
Dear Wow,
There are many Google Sites that have deceptive links to http://planshine.info
It acts exactly as you describe. I have reported the abuse to Google, but the sites are still up.
PHung
GREAT
It's about time...I am glad to see the government doing this. I have had those pop-ups myself trying to sell fake security products and they are very annoying
Good
The more shut down the better.
Fake AntiVirus
Great Link Esa !
Among those mentioned , there are a few more to add.
Antivirus 2009
Antivirus 360 ( referenced to Norton"s 360 )
And a new kid on the block just out this past week
System Security . ( this one asks $51.45 to get infected )
Now, these new ones are much worst than the ones mentioned in the original post.
They now have the ability to block your connection , disable your firewall and install\
a RootKit. This kind of malware is very difficult to eradicate from your PC.
MalwareBytes AntiMalware has a hard time removing ALL of the entries it finds. It seems that the malware is recognizing the security program scanning your PC and
hides certain files. These Trojans are also injecting RootKits . MalwareBytes will delete some of the RootKits files but , some are left behind and require specialized
tools to eliminate the threat completely.
These tools , which should be ran under the expert supervision of Malware fighting
experts are SDFix and ComBoFix.
If you are infected and in the logs of your antimalware scanner you see these entries
C:\WINDOWS\system32\TDSSdxcp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> Quarantined and deleted successfully.
as being "Quarantined and Deleted Successfully" , then you will need to request the help of the Experts either at :
AumHa : http://forum.aumha.org/index.php
BleepingComputers : http://www.bleepingcomputer.com/ .
MajorGeeks : http://forums.majorgeeks.com/ .
IF you find yourself in a bind and the infection is preventing you from connecting
to any security sites ( These new Trojans will stop you connecting to those sites)
Try to download ComBoFix from a clean computer onto a Flash Drive and upload to the infected PC..
Here is a guide on how to use ComBoFix :
http://www.bleepingcomputer.com/combofix/how-to-us... .
PLZ take care to follow the instructions to the letter.
Athlonite
Your help is always needed.
It's About Time
I am so glad their going to do do that. I have experienced almost all of those bogus websites of fake anti viruses. They pretty much pop up every five minutes telling me I have severe viruses and the first time this happened I believed it and i put scan and it showed a whole bunch of scary viruses and when I put to clean it out it said first I have to buy the anti virus and then I knew it was a fake, and I gotta say I was relieved.
Im so glad I got this Wot to show when a website is dangerous and I wont go to any website without it.
Go WOT =)
Good to feel I not alone
I bay Spyhunter for 60 dollar for remove Goldeneye its restrade home too Symantec some keylogger but this is a Rootkit.
This software program have couple hundred Trojan and virus inside. They was encrypted in the software. I talk with Microsoft security unit about it for 6 month ago. But they had no interest even this was a false MS file with theirs name inside in this file "MSCOMCTL.OCX" from 09.03.2004 T:00.00.00
Fight against 'scareware'
What the FTC is doing is admirable, but sadly it will have little effect on a lot of domains that are hosted in China, Russia and the Ukraine.
The internet is not something that can be 'policed' as such, but using safe methods for surfing and the use of the mywot browser addon is a great benefit to all users. The other problem is that the scammers behind his scareware are getting much more devious in there methods, incorporating drive by downloads which users are unaware of until it is too late.
Fortunately, the majority of these can be removed without too much trouble and the bigger threat for 2009 is expected to be MySQL injections from infected sites. So again, all users need to be on guard and very alert when browsing.
Colin
http://freepcsecurity.co.uk
Gov't action against rogue software sellers
It's about bleedin' time! I wonder how long it will take those snails to actually implement it.