What’s that? Winifixer! Here are some comments from the web site:
“Statistics approve that virus and trojan attacks damage more than $3 million/hour and the new virus appears each hour. One of them, virus Sasser. A, infected million of computers at the first hours after let out and caused billions damages. It had been corrected within a lot of months.”
Scared yet? Or do you just find the wording and explanation a bit odd? Let me see, let’s work with those figures. In a day, that’s $72 million in damages. In a week, it’s half a billion dollars. By the end of the year, that adds up to almost $200 billion.
And it points out that almost EVERYONE’s system is infected! WOW! 91% is a big number!

If you haven’t read our previous posts, you might not be aware that there are a number of misleading applications being distributed on the web by malicious web site operators. Stuff that we’ve been calling “Rogueware”. Some AV vendors prefix the detections with “not-a-virus: Fraudware”, some will call the stuff a “Troj_Renos”, some call it a “Misleading Application” and some call it “Rogue Security Software”. Some AV vendors have been blogging dramatically about this software and how it was originally distributed, via fake codecs.
Here is the page that offers up the WinIFixerInstaller.exe download for only $99.95:

What? You’re not sure if you want to install that one? Well, you can always install something just like it…called the AdvancedXpFixer! It makes the same exaggerated claims as the site mentioned above, and offers up the AdvancedXPFixerInstaller.exe download. Are you seeing double? Maybe!

My favorite part is where they provide links on the “company” page to securityfocus articles about developing av engines and heuristics. That’s good stuff.

How might you wind up with these pages or software on your system? As always, patch your system! The software is partly being distributed using a few ugly old drive-by client side exploit tricks to run some downloaders on your system without you knowing it when you browse a malicious web site. Successful exploitation also results in a huge fake alert on your system’s desktop wallpaper, telling you about all the malware on your system. The malicious sites also download and execute multiple spam bots and other malware, making your system a major problem and source of spam. Double the fix, er.

Update: while double is interesting, triple is all the more exciting!

This entry was posted on Thursday, May 22nd, 2008 at 5:02 pm and is filed under Exploit, FakeAlert, Rogueware, Spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.