Author Topic: More victims recently of rogue AV programs  (Read 3170 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
More victims recently of rogue AV programs
« on: March 30, 2006, 08:25:29 PM »
Hi forum friends,

In the postings for help we recently see a lot of cases where people have clicked on links to rogue malware cleaners. This can lead to additional spyware or adware, like for instance purity scan: http://www.spywareguide.com/articles/article_show.php?id=10
You can be aware the next time of what you are about to click on by installing SiteAdvisor into your browser from http://www.siteadvisor.com, where all green links are free of malware downloads or spam mails. Or you can pre-scan the hyperlink you are about to click for malware using DrWeb's add-on for use in IE, FF, Flock or Opera browsers from here:
http://download.drweb.com/drweb+antivirus+free+services/#01
I hope this will help you to avoid infection through clicking onto malware-ridden sites.

polonus
« Last Edit: March 30, 2006, 08:27:06 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

CharleyO

  • Guest
Re: More victims recently of rogue AV programs
« Reply #1 on: March 30, 2006, 08:33:21 PM »
***

Thanks for posting that info, Polonus, as I am sure it will help someone.    :)


***

PigDog

  • Guest
Re: More victims recently of rogue AV programs
« Reply #2 on: March 31, 2006, 02:16:22 PM »
Spy Falcon seems to be catching out many of my friends recently. I've removed it from three machines in the last two weeks, and removing it is a tedious process.

In each instance the user swears that they have done nothing in order to get infected (such as responding to a pop-up), and two had good AV and firewall installed.

Any idea how Spy Falcon finds its way onto machines?


PigDog

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: More victims recently of rogue AV programs
« Reply #3 on: March 31, 2006, 03:00:27 PM »
Quote
About a week ago someone sent me a link to a web page, that if visited using a version of Internet Explorer that hasn’t been patched with December’s security updates, slams the system with deluge of malware (several sites download the same malware package using the recently discovered WMF vulnerability). After the infection is complete, which is so extensive it takes close to five minutes, a system is loaded with 8 viruses, 8 spyware packages and 7 adware products. Subsequent to the installation, Internet browsing is made virtually impossible by the constant popups and popovers and processes are constantly connecting to remote SMTP servers and web pages.

You can watch the initial infection process in a movie I made.

http://www.sysinternals.com/Blog/

These drive-by infections often include a rogue anti-spyware application (on Mark's blog it was SpySheriff), so I guess SpyFalcon is doing the same thing.

The users were either late in patching their machines, or were exposed to malware exploiting an unpatched vulnerability during the window of opportunity before a patch was issued. Malware is currently exploiting such a window of opportunity with IE of course:

http://www.eweek.com/article2/0,1895,1944579,00.asp
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline polonus

Re: More victims recently of rogue AV programs
« Reply #4 on: March 31, 2006, 09:43:40 PM »
Hi FwF,

Yes, these are all a similar kind of drive-by infection, also known as the smitfraud gang. You can read about this here:
http://forums.maddoktor2.com/index.php?showtopic=3601

There is a whole variety of similar scenarios for the same malware, and it has been going on for years now. And as we are seeing lately in our forum postings, this malware is continuously making victims.

polonus

neal62

  • Guest
Re: More victims recently of rogue AV programs
« Reply #5 on: April 02, 2006, 08:19:45 AM »
Thanks for the heads up on this post Polonus. Have a nice day.  :)
« Last Edit: April 02, 2006, 08:51:35 AM by neal63 »