Fake Antivirus is 15% Of All Malware

HardOCP News

After a thirteen-month study that included almost 240 million websites, Google says that fake antivirus offerings are behind fifteen percent of all malware. This is why we always tell you to spread the word to friends and family about this stuff, because a lot of people are duped by this crap.

A rise in fake antivirus offerings on Web sites around the globe shows that scammers are increasingly turning to social engineering to get malware on computers rather than exploiting holes in software, a Google study to be released on Tuesday indicates.
 
Didn't read the article, but 15%?? Come on now, at least for my customers it's more like 15% is NOT fake A/V-related malware...
 
I would have to say that % is low. Almost 80% of PCs I work on have that crap on there b/c of dumb end users thinking they have a virus and that malware tells them to get it to remove the virus from their computer.
 
The guys who make this stuff are just downright evil. Not "I'll steal your wallet" evil, but "I'll stomp your puppy to death just for fun" evil.
 
When I recommend people use anti-virus/malware I do it by name and not just telling them to "google it". We still have ads for crap like "Tripplemyspeed.com" running on our radios and TV. When I have to go and clean someone's PC these kinds of "services" are always the first I find and remove. I really don't see how all this snake oil, both ads and pop-ups, can be legal. Fastclick and other internet ad/pop-up companies are just as guilty of spreading this crap.
 
The guys who make this stuff are just downright evil. Not "I'll steal your wallet" evil, but "I'll stomp your puppy to death just for fun" evil.

A few years ago malware was not too bad when it came to removal. Safe mode, malwarebytes, and you were done. Now this malware just completely disables every service you need to get at it. Even when you do get it off, the settings are so screwed it's pointless. I pretty much tell customers with this malware/fake antivirus stuff that they are likely looking at a reformat.
 
So let me get this straight, some yahoo "hacks" into Palin's Yahoo account and gets into deep doodoo, YET these F%CKER$ putting out this crap don't get tracked down and their nuts cut off?
Even heavy spammers are getting tracked down.
From what I can see, this stuff is more destructive and time consuming to remove than actual trojans/viruses. And most, if not all, antivirus programs don't detect this stuff.
 
From what I can see, this stuff is more destructive and time consuming to remove than actual trojans/viruses. And most, if not all, antivirus programs don't detect this stuff.

Many fake antivirus programs are installed by trojans themselves. The process goes like this:

User gets infected
Trojan disables real Antivirus
Trojan downloads and executes a bunch of misc malicious programs
Trojan installs fake Antivirus
Fake Antivirus notifies user he's infected with crap that it itself installed
Fake Antivirus offers solution, but only if the user inputs his credit card information

I can see how some novice users would fall for it, so it's no surprise really.
 
The guys who make this stuff are just downright evil. Not "I'll steal your wallet" evil, but "I'll stomp your puppy to death just for fun" evil.

I thank god it's not "I'll steal your wallet" (democrats) evil, I would be more worried.
 
...................
Fake Antivirus offers solution, but only if the user inputs his credit card information
...........................

Couldn't you track down where the money is going and hence the person responsible for this? It's like signing a virus you made with your name and address.
 
Couldn't you track down where the money is going and hence the person responsible for this? It's like signing a virus you made with your name and address.

Well from my experiences with them that's where I've stopped. I doubt it would go to the real John Smith Trojan Author's Paypal for example, the information is probably just stolen and is seen somewhere down the road in underground credit card trading scene. Just a guess though.
 
I thank god it's not "I'll steal your wallet" (democrats) evil, I would be more worried.

I thank my atheist mind it's not "I'll deregulate the system, steal your money and distribute it to the top 1% of the already wealthy, cronies, and no-bid military contractors" Bush evil, I would be more worried.
 
that trojan really, really is a bitch to get rid of....

my girlfriend got it on her corporate computer one day and I really, really had to dig deep to get it under control...

and the worst part is how it installed itself.... all she had to do was navigate to a website that was infected... that's it, the program silently installed, no user input whatsoever....

although my personal computer wasn't pwnable.... probably has something to do with the incompetent IT administrators at her job.... her laptop is Vista service pack 1, running internet explorer 7, protected mode off, and UAC disabled...

seriously at least 9/10 IT people are fucking retards....
 
I would have to say that % is low. Almost 80% of PCs I work on have that crap on there b/c of dumb end users thinking they have a virus and that malware tells them to get it to remove the virus from their computer.

I will not go that high, but 1 out of 2 for me. Just had to wipe a disk last night due to a wacked Vista install, two of the viruses being fake antivirus programs.
 
My idiot ex called me up to fix her computer after she installed one of these. She also stupidly tried to buy the antivirus and paid somewhere around $80 to these scammers. Definitely someone with looks but no sense.
 
I have tried to go out and find these fake antivirus programs, I can't seem to find them on my own lol. That doesn't stop 80% of the users with messed up computers though lol. If anyone knows of some download links pls PM me with the link. I love to put that stuff on VMs and toy with 'em.
 
that trojan really, really is a bitch to get rid of....

my girlfriend got it on her corporate computer one day and I really, really had to dig deep to get it under control...

and the worst part is how it installed itself.... all she had to do was navigate to a website that was infected... that's it, the program silently installed, no user input whatsoever....

although my personal computer wasn't pwnable.... probably has something to do with the incompetent IT administrators at her job.... her laptop is Vista service pack 1, running internet explorer 7, protected mode off, and UAC disabled...

seriously at least 9/10 IT people are fucking retards....
http://www.joyunbound.com/2010/04/securing-your-network-and-browsing-experience/

At home, I have a VM set up on a server strictly for cleaning up hard drives and flash drives. Autorun/play is disabled entirely on the system (including the VM); the VM has NOD32, MSE, CCleaner, Spybot, MalwareBytes, Housecall TrendMicro, ClamAV, SpywareBlaster, ComboFix, and I think a couple of other things. I take out the infected machine's HDD, pop it into the server, mount it in the VM, and clean.

This isn't the "cleanest" solution, as the server is used for other things, but for the most part it works alright. A rootkit could possibly do damage, but otherwise I can't quite see how, if Autorun/play is disabled, a virus from an infected HDD could spread... *shrugs*
 
This is one instance where I genuinely feel sorry for the stupid people. We spend so much time and energy to convince them that they need to watch out for malware and make sure they use antivirus software. So they finally decide to listen, and they end up installing this crap...what are we supposed to say then? "No, not that antivirus software...that's actually malware that pretends to be antivirus software." Most people I know would stop listening at that point and write me off as a paranoid conspiracy theorist. And I can't really say I blame them.
 
A few years ago malware was not too bad when it came to removal. Safe mode, malwarebytes, and you were done. Now this malware just completely disables every service you need to get at it. Even when you do get it off, the settings are so screwed it's pointless. I pretty much tell customers with this malware/fake antivirus stuff that they are likely looking at a reformat.
Then I have to say "UR DOIN IT RONG!".

MiniXP from Hiren's BootCD to manually find the offending files and registry entries and/or an AV LiveCD/USB bootable flash drive. Combofix. Malwarebytes. Spybot. Gives me a 99.99% clear rate.

As to the article---only 15%? The fraudware/scareware is probably 60-75% of the crap out there now.
 
This is just one of the 2 dozen or so reasons I've been anti-virus free for a decade.

I've been malware free and virus free the entire time too. Meanwhile, my brother's computer is getting assaulted like no other. Thankfully the new anti-virus program he just got should fix that right up...
 
Several months ago, my granddad's PC got the reaming of its life after he downloaded AntiVirus 2009, or whatever the hell it was called (he paid for the "fix", too :rolleyes: ). I live hundreds of miles away from him, but miraculously he still had an internet connection and a LogMeIn client running in the background, so I was able to remote into his computer, kill just about every process (getting into the task manager was next to impossible, however, Mr. Fucktard Viruswriter forgot to disable CTRL-SHIFT-ESC), install and run MBAM, and install Avira Free and Avast to clean up the leftover remains. It wasn't a pleasant experience. Aside from relying on a remote connection and instructing someone who is still barely grasping the concept of a computer mouse, his machine was a 10-year-old, 600MHz Celeron with 384MB RAM running a copy of XP Home that was installed on top of a former Windows Me installation. The virus and malware scans nearly took a full day to complete.

A couple of months later, my parents bought him a cheap laptop as a replacement for his aging dinosaur of a machine. Before shipping it out to him, I was tasked to clean up and optimize the Vista install that was on the notebook (ahh, the "blessing" of being the family's computer guy). I obliterated the Vista partition and put a nice, clean install of Windows 7 on as a replacement. I created a limited user account for him with UAC settings at full throttle and a heavily password-protected admin account for me for remoting. Installed updates and necessary software and shipped it off to him. Fast-forward to just a couple of weeks ago, I get a call from him complaining about no internet connection. I was still able to remote into his machine and load Google.com in IE under the admin account, yet his account wasn't able to get a connection. Strange :confused:. I go through the usual checklist of reasons as to why his account's access to the internet was blocked, but came up with nil. Finally, I decided to reboot the machine. After logging back into the admin account I got a UAC popup asking me to run the Windows Malicious Software Removal Tool. After clicking yes, it informed me that it caught a file relating to another variant of fraudware going around. I panicked and ran several virus scans, however I found no other trace of the virus. Thank God for limited user accounts! I did think that the virus still fudged with something network related under my granddad's account, so I rechecked any related settings. Sure enough, when I checked the connection settings in IE under his account I found that the proxy settings had been screwed with. A check box here and there and his account was granted access to the Internet again.
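The proxy tampering described in the post above, as an added example (not the poster's code, nor anything from the thread): a small Python check that parses a constructed `reg export` of a user's Internet Settings key and flags an enabled proxy that is not on an expected list, or a PAC URL, so a silently rewritten per-user proxy shows up without clicking through IE's dialogs. The sample values, `127.0.0.1:4444`, `example.invalid` and the empty EXPECTED_PROXIES set are assumptions.

```python
"""Flag tampered per-user WinINET/IE proxy settings in a .reg export."""
import re

# Constructed sample of `reg export` output for the per-user key the post
# above describes; the values are made up to look like a tampered account.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:4444"
"AutoConfigURL"="http://example.invalid/proxy.pac"
"ProxyOverride"="<local>"
"""

# Proxies the environment legitimately uses (assumption: none on a home PC).
EXPECTED_PROXIES = frozenset()

# One "name"=value line: either dword:XXXXXXXX (REG_DWORD) or "..." (REG_SZ).
_VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")\s*$', re.M)


def parse_reg_values(text):
    """Return {name: value} for the REG_SZ and REG_DWORD values in a .reg export."""
    values = {}
    for name, dword, string in _VALUE_RE.findall(text):
        values[name] = int(dword, 16) if dword else string
    return values


def proxy_findings(values, expected=EXPECTED_PROXIES):
    """List suspicious proxy state: an enabled, unexpected proxy or a PAC URL."""
    findings = []
    if values.get("ProxyEnable") == 1:
        server = values.get("ProxyServer", "")
        if server not in expected:
            findings.append(f"ProxyEnable=1 with unexpected ProxyServer={server!r}")
    if values.get("AutoConfigURL"):
        findings.append(f"AutoConfigURL points at {values['AutoConfigURL']!r}")
    return findings


if __name__ == "__main__":
    for finding in proxy_findings(parse_reg_values(SAMPLE_REG)):
        print("FINDING:", finding)
```

Run it against an export of the affected account's key (not the admin's, since the post notes only the limited account was broken) and an empty result means the per-user proxy settings are clean.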
 
I would have to say that % is low. Almost 80% of PCs I work on have that crap on there b/c of dumb end users thinking they have a virus and that malware tells them to get it to remove the virus from their computer.
I agree that 80% of the infected computers I see on a daily basis are this retarded fake antivirus crap. However, people only take their computers to get repaired when they're unusable. How many have malware and don't know it? That said, the % is still definitely too low.
 
Same here. It's gotten to the point where someone calls up with a virus problem and I say "let me guess... it pops up saying you have tons of viruses and then asks you to pay to have them removed?" and they're like "That's exactly it! How did you know that?"

I know it's bad but those fake antivirus viruses have been generating gobs of business for me. I love them.
 
I agree that 80% of the infected computers I see on a daily basis are this retarded fake antivirus crap. However, people only take their computers to get repaired when they're unusable. How many have malware and don't know it? That said, the % is still definitely too low.

I haven't read the article but I am going to guess that they are including corporate users. While I haven't seen 80% (I am thinking ~50%), the number we are seeing is in no way close to 15%. I wonder what we would see if we ran an actual poll on it?
 
Is it hard to use antivirus software that you hear other people talk about/use?
 
A lot of infections come from sites, sometimes quite valid sites, that use rotating ads from an ad service. All you have to do is hit the site when an infected ad has been injected, and boom, you're done for.
 
I can believe this. At work we still use stupid Windows XP and users have admin rights because of stupidly written programs that require it. Nearly all of our malware attacks are fake AV.

3 weeks ago I was working on a machine that had been hit with a particularly nasty one. Never before have I seen Safe Mode get infected until this fake AV. I don't know where the user picked it up but it was a fake AV that further infected with at least two different rootkits.

Ended up slaving the drive, cleaning it, saving user data and doing a wipe and clean install.
 
One major thing with these programs is that they look completely legit to a non-IT eye...

That being said, anyone should be aware of the clues, such as a flash video being played WITHIN a browser, asking you to pay to clean your hard drive for you, the speed in which it actually worked, etc.
 
A lot of infections come from sites, sometimes quite valid sites, that use rotating ads from an ad service. All you have to do is hit the site when an infected ad has been injected, and boom, you're done for.

THIS. SEO poisoning is the other primary vector for these infections.
 
Combofix is everyone's friend to remove these pests. Unfortunately it works on 32-bit only. 64-bit can be tricky. Now why does every antivirus software known to man let these things through without so much as a warning?

Cheers!
 
Norton is fake antivirus.

Is it installed by default without your permission? (go buy a computer)
Does it offer any real antivirus protection? (after the trial period)
Does it show you ads? (buy more Norton security products!)
Does it slow down your computer? (...)
Is the uninstaller broken? (yes)
Will paying stop the nagging? (hell if I know)
 
This hit me a couple days ago when trying to move one of those tiny one-inch pop-up windows with nothing visible. A reboot and F8 to "Last Known Good Config" fixed it. Avast didn't block it though.
 
I can believe this. At work we still use stupid Windows XP and users have admin rights because of stupidly written programs that require it. Nearly all of our malware attacks are fake AV.

3 weeks ago I was working on a machine that had been hit with a particularly nasty one. Never before have I seen Safe Mode get infected until this fake AV. I don't know where the user picked it up but it was a fake AV that further infected with at least two different rootkits.

Ended up slaving the drive, cleaning it, saving user data and doing a wipe and clean install.

Hear, hear! Same boat as you...

We use SEP which isn't so bad anymore. The good thing about these fake AVs is that they are actual programs with fairly standardized exe names.

We then use SEP to block the exe from running, which works pretty well. SEP stops it from running and then can easily delete it.
 