Archive for February, 2008

Fewer viruses

Friday, February 29th, 2008

One of the most prolific and well known groups from the vx scene has closed up shop this February:

Can’t say that we’ll miss the virus writing from 29A.

This Spanish-based group released their first “zine” back in the mid-90’s — that was ten years and eight issues ago.
Unfortunately, we’re seeing that the activities of these guys in 2008 is being replaced with the sort of scam software that we’re calling “Rogueware“, password stealing of all sorts, and ongoing botnet activity. The motivations behind malware development continues to move away from virus writing for reputation and towards malware development for financial gain.

IM Skype Spam

Friday, February 22nd, 2008

We continue to get copies of IM Spam in our Skype accounts. “ATTENTION! Security Center has detected malware on your computer!”, all from “Mr. AntiVirus Notice”. Chances are, you are too. Last year, variants of malicious worms were using skype to spread, and then slowly the rogueware money makers decided to cash in on the same methods.

We decided to visit the web sites in our labs, to find out what they still have to offer. Here is the original message. It appears that distribution of this spam message has been hitting peaks a couple of times a month since November:

When we visited the site at the provided link, the page seemed to somehow, without prompting, scan the system for malware through my Firefox browser (legitimate software cannot and does not do this on a computer). Little progress bars began filling up and scary things were reported to be detected:

When this supposed scan finished, the page presented a stunning warning, bad stuff was detected:

Even though this system is completely clean, it might be fun to select the “Remove All” button. The next page that is provided is their shopping cart — just a quick suggestion, really:

Knowing that my system was completely clean, I clicked on the “close” button for this shopping cart. Instead of closing the shopping cart, the site immediately warned that my system would be infected, in other words, if I didn’t cough up the cash. “Don’t close this window if you want your PC to be clean.”:

Finally, when the user has been intimidated or confused enough to cave in and clicks “Ok”, they are presented with a final order form:

Is any malware on the machine? No. Does this user need to pay $20.00 to clean Rootkits and Backdoors off a system here? No. Ignore Skype spam and misleading advertisers.

Here come the mounties

Friday, February 22nd, 2008

I wonder if they didn’t see the bright red jackets galloping towards their hard drives? Another botnet ring got busted in Canada.

This story is bigger than I thought…”Police in Quebec arrested 17 people on computer-hacking-related charges in the largest sweep of its kind in Canada“.

It’s not just the U.S. Fbi performing these major 2008 investigations and arrests.