Avast WEBforum

Other => General Topics => Topic started by: dlane123 on October 01, 2010, 07:32:18 PM

Title: Security Tool virus
Post by: dlane123 on October 01, 2010, 07:32:18 PM
I have searched the forum for info on this virus and think I have fixed it using Malwarebytes.  However, I have some questions.  How did this older virus (Security Tool) get by my Avast?  This virus held my computer hostage and wanted me to pay $79.95 to eliminate itself.  My question: isn't this criminal activity?  Who would police this felonious activity?  I am perturbed and would like to strike back.  It seems to me you could follow the money trail and prosecute. Would appreciate any enlargement on this matter.  Thanks
Title: Re: Security Tool virus
Post by: Lisandro on October 01, 2010, 07:46:15 PM
Quote
How did this older virus (Security Tool) get by my Avast?
Not a single signature antivirus is perfect... Rogue AV are difficult to detect.

Quote
My question: isn't this criminal activity?
Yes, it is... What can we do?

Quote
Who would police this felonious activity?
The security companies...

Quote
It seems to me you could follow the money trail and prosecute.
I don't think so...
Title: Re: Security Tool virus
Post by: Gargamel360 on October 01, 2010, 07:50:58 PM
These guys stay in business because they are good at what they do, smart in a bad way. I sympathize with the feeling, though.  My first rogue infection left me feeling a little....molested.

Title: Re: Security Tool virus
Post by: Pondus on October 01, 2010, 08:03:42 PM
Fake antivirus overwhelming scanners
http://news.techworld.com/security/3203072/fake-antivirus-overwhelming-scanners/


Quote
The reason for the growth in numbers is what is known in technical terminology as 'polymorphism', an old defence technique which involves changing the binary checksum of every copy (or download) of a piece of malware. This makes it much more difficult for antivirus programs to detect the programs.
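The quoted point about polymorphism, as an added illustration that is not part of the thread or the Techworld article: a checksum signature stops matching as soon as each download differs by a few bytes, while a detector that compares content still recognises the copy. The byte strings, the `make_variant` repack model and the n-gram matcher are constructed assumptions; real polymorphic samples also re-encode their body, which is why the thread turns to behaviour-based detection.

```python
import hashlib

# Constructed stand-ins (not real malware): a "known sample" and a benign file.
KNOWN_SAMPLE = b"HDR" + b"fake-scanner-ui;nag-for-payment;block-task-manager;" * 4
BENIGN = b"plain text document about gardening and tomatoes " * 4

# Checksum "signature" database built from the one known sample.
HASH_BLOCKLIST = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def make_variant(sample: bytes, serial: int) -> bytes:
    """Model a per-download repack: same content, a few trailing bytes differ."""
    return sample + b"\x00pad" + serial.to_bytes(4, "big")


def checksum_match(data: bytes) -> bool:
    """Exact-hash signature: any changed byte gives a different digest."""
    return hashlib.sha256(data).hexdigest() in HASH_BLOCKLIST


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all overlapping n-byte windows in the data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two byte n-gram sets (0.0 to 1.0)."""
    ga, gb = ngrams(a), ngrams(b)
    return len(ga & gb) / len(ga | gb)


def content_match(data: bytes, threshold: float = 0.7) -> bool:
    """Content-based check: flag files that largely overlap the known sample."""
    return similarity(data, KNOWN_SAMPLE) >= threshold


def scan(data: bytes) -> dict:
    """Run both detectors and report which of them fired."""
    return {"checksum": checksum_match(data), "content": content_match(data)}


if __name__ == "__main__":
    for name, blob in [("original", KNOWN_SAMPLE),
                       ("variant 1", make_variant(KNOWN_SAMPLE, 1)),
                       ("variant 2", make_variant(KNOWN_SAMPLE, 2)),
                       ("benign", BENIGN)]:
        print(f"{name:10s} {scan(blob)}")
```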
Title: Re: Security Tool virus
Post by: BRANDONN2008 on October 01, 2010, 10:52:10 PM
Threatfire is pretty good at detecting things like this, isn't it? They must all exhibit some behavior that would be detected as suspicious by Threatfire?
Title: Re: Security Tool virus
Post by: dlane123 on October 02, 2010, 05:33:26 AM
Thanks to those that have replied to my thread start.  It sounds like not much can be done to the perpetrators of viruses.  I still am steamed that a company/person can infect my computer and then ask for money to clean my computer - sounds like extortion to me.  Has any virus initiator ever been caught and prosecuted?
Title: Re: Security Tool virus
Post by: Gargamel360 on October 02, 2010, 06:00:03 AM
Yeah, I'm sure people that try this without understanding how to get away with it are the ones who get caught.  But this stuff is big black market business now, and non-extradition countries or disputes between nations  are easy things to hide behind and reap profits.

@Brandon, yeah, as they said, signatures change fast, so behavior-type detection like Threatfire is one way to try and protect against this.
Title: Re: Security Tool virus
Post by: BRANDONN2008 on October 02, 2010, 08:31:39 AM
What I don't understand is how scams like doublemyspeed.com and mycleanpc.com are allowed to air commercials for their fraudulent services.
Title: Re: Security Tool virus
Post by: Lisandro on October 02, 2010, 02:32:12 PM
Quote
What I don't understand is how scams like doublemyspeed.com and mycleanpc.com are allowed to air commercials for their fraudulent services.
+1
I can't see a reason for avast to not block their domains by Net Shield... :'(
Title: Re: Security Tool virus
Post by: Pondus on October 02, 2010, 04:15:25 PM
Quote
Has any virus initiator ever been caught and prosecuted?
oooh yes, it happens...

Feds accuse 37 of being Zeus 'money mules'
http://www.theregister.co.uk/2010/09/30/zeus_money_mules_charged/

Police charge 11 over Zeus cybercrime scam
http://www.theregister.co.uk/2010/09/30/zeus_e_crime_charges/

UK cybercops cuff 19 ZeuS banking Trojan suspects
http://www.theregister.co.uk/2010/09/29/zeus_cybercrime_arrests/

http://www.theregister.co.uk/security/crime/
Title: Re: Security Tool virus
Post by: dlane123 on October 02, 2010, 07:22:05 PM
@Pondus Looks like the UK is out front in pursuing these criminals.  Is there a place, activity or organization where one can report nefarious activity?
Title: Re: Security Tool virus
Post by: Pondus on October 02, 2010, 09:43:47 PM
Quote
@Pondus Looks like the UK is out front in pursuing these criminals.  Is there a place, activity or organization where one can report nefarious activity?
you mean in the US ......hmmmm......maybe here  http://www.fbi.gov/   :D

Quote
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA).
http://www.ic3.gov/default.aspx
Title: Re: Security Tool virus
Post by: BRANDONN2008 on October 03, 2010, 04:09:25 AM
Quote
What I don't understand is how scams like doublemyspeed.com and mycleanpc.com are allowed to air commercials for their fraudulent services.
+1
I can't see a reason for avast to not block their domains by Net Shield... :'(

Well my HP and MVPS HOSTS file blocks them, which is good.