We're seeing an accelerating number of "AntiVirus2008" installs. The software, created by our familiar developer friends in the Ukraine (yes, that is sarcasm), can be found at "hxxp://www.antivirus-scanner.com". The installs come from a file named "antvrsinstall.exe", which drops "antvrs.exe". Here's another fraudulent screenful from its distributors. Contrary to what it states, no dangerous files or viruses were detected on the system, because the web site isn't really scanning my system:

Quarantine it if you see a popup from ThreatFire warning you of "PuA.Rogueware".
5 comments:
The website you wrote about appeared in my browser when I tried to click on a friend's MySpace profile. The website kept trying to get me to download the files, but I wouldn't allow it, and ultimately I had to ctrl+alt+del my way out of the situation.
Question: though I never allowed it to download, should I nonetheless be worried about it having dumped something onto my hard drive?
Schwartz-
Thanks for your comment.
Interesting concern that you have. These sorts of packages of fraudulent AV software traditionally have been delivered using client-side exploits, or the "drive-by" install. That activity seems to be waning a bit.
Nonetheless, malicious sites don't really dump things onto your hard drive; they actively exploit vulnerabilities in your system's software.
So simply visiting the web page can present risk -- there is cause to pay some attention to your system here. Some questions to ask: Is your system fully patched with the Microsoft and third-party updates (QuickTime, etc.)? Was your system running security software when you visited the site? Have you scanned your system with both AV software and/or rootkit detection tools like ThreatFire and gmer?
There are online volunteer-staffed boards like at castlecops.com and others offering help, or you could try taking your box to retailers like Best Buy for some paid tech help.
While I cannot fully answer your question, because I have not seen the page you were redirected to, I am confident in saying that there is some cause for concern here. You may get some help at our forums
http://www.pctools.com/forum/
as well. Look for "Viruses, Worms and Trojans" and "Spyware, Adware and Malware Discussion" boards. Good luck!
Slight deviation... Yet another "Virus alert" arrived today called "Postcard". Checked on Snopes.com and they say genuine...
Can you comment?
Codger
Thanks for the help! I'll make sure to look into this.
It's bloody well messed up that we have to be so vigilant about surfing the net.
Codger-
Sorry, I'm unsure of what you mean by "Yet another Virus alert arrived today Called Postcard". Do you mean that it was named "Postcard" by an AV product?
Anyways, the Storm gang is back to spamming out malicious links to users, which lead to "iloveyou.exe" type executables. If that's what you mean, then yes, it could be malicious. As always, keep your Windows system patched (if you use Windows) and applications and sec products up to date as well.