myITforum.com Community Forum

AntiVirus 2009 - Avoid these Fake Antivirus Trojan attacks

 
AntiVirus 2009 - Avoid these Fake Antivirus Trojan attacks - 8/15/2008 9:03:22 AM   
hwaldron


Posts: 3586
Score: 264
Joined: 9/12/2002
From: Roanoke VA, USA
Status: offline
Malware writers use every trick in the book when it comes to social engineering schemes. AntiVirus 2009 employs some convincing graphical displays to trick users into thinking they are infected and to install this product for cleaning. It appears to be spreading through email, IM, and social networking websites. New variants are also constantly emerging in these spam runs to avoid AV detection.

If any infection is found, users are much better served installing a true mainstream AV solution instead. In addition to full-featured AV products, there are even good free alternatives that can do a good job in basic prevention or cleaning.
As a golden rule, never install any type of software from an email link. In fact, it's always beneficial to avoid taking ANY actions on most email messages you receive.


AntiVirus 2009 - Avoid these Fake Antivirus Trojan attacks
http://blog.trendmicro.com/fake-antivirus-trojans-ramping-up/
http://sunbeltblog.blogspot.com/2008/08/new-rogue-power-antivirus-2009-uses.html
http://sunbeltblog.blogspot.com/2008/08/more-malware.html


QUOTE: Researchers at TrendLabs have discovered a new set of rogue antivirus software circulating in the wild. Based on initial analysis, these threats arrive mainly via spammed email messages that contain a link to a bogus celebrity video scandal, although we have also received reports that the said link is also circulating in instant messaging applications and private messages in social networking Web sites.

RENOS Trojans are known to have very visual payloads that may further alarm users (for example, they modify the system’s wallpaper and screensaver settings to display BSOD). Thus, users may be more convinced that something’s wrong with their system, not knowing that their new software is the one causing it.

_____________________________


Harry Waldron - Security News & Best Practices Blog
Post #: 1
RE: AntiVirus 2009 - Avoid these Fake Antivirus Trojan ... - 8/21/2008 9:30:02 AM   
direland


Posts: 133
Score: 0
Joined: 3/26/2004
From: Bedford, IN
Status: offline
Hi Harry,

We were hit with this last week.  Unfortunately, our ePO and VirusScan 8.5i with Anti-Spyware module setup did not catch this.  Actually, the VirusScan Anti-Spyware module doesn't seem to catch anything except for some cookies.

What are your thoughts on this?  What would you recommend for spyware/adware detection and removal on an enterprise basis?

Thanks,

Dan

(in reply to hwaldron)
Post #: 2
RE: AntiVirus 2009 - Avoid these Fake Antivirus Trojan ... - 8/21/2008 9:53:26 AM   
rmcclinton

 

Posts: 509
Score: 167
Joined: 4/8/2003
Status: offline
Personally I think adding an antispyware software product to desktops that already have antivirus is a belt and suspenders approach. You've got two things doing overlapping jobs. The best way in my opinion is no longer multiple best of breed solutions installed on the desktop. Most people are looking for single engine, single management.

With any signature based system you are going to have misses. People didn't start installing enterprise antispyware because of the occasional miss. They installed it because corporate AV solutions were ignoring antispyware because they were afraid of legal threats. That is no longer the case anymore.

Eugene Kaspersky said there is no antivirus and antispyware. There is only antimalware. If you're buying separate products for antivirus, antispyware and antirootkit, I think that all three of your vendors are failing you.

But to answer your question, I would look at Sunbelt Software's CounterSpy. When I evaled corporate antispyware products a few years ago they hadn't quite come out yet, but they seem very popular. I'd stay away from PestPatrol but that is just my anti Computer Associates bias. We are going to not renew Webroot this year. I didn't see it doing much that SEP11 won't do for us. Managing both SAV10/SEP11 and Webroot Spy Sweeper Enterprise just wasn't worth it.

I'd also suggest a layered approach. If you had MessageLabs for email security these emails would not have gotten through. If you'd had antivirus scanning HTTP downloads (particularly with a different AV engine) then you would have had a better chance of preventing this. Of course people still take computers home and infect them, but that's going to happen when users have admin rights or you aren't using HIPS to lock down the system.

_____________________________

Roger's Information Security Blog
CISSP,GIAC:GCNT,MCSE

(in reply to direland)
Post #: 3
RE: AntiVirus 2009 - Avoid these Fake Antivirus Trojan ... - 8/22/2008 4:42:07 PM   
hwaldron


Posts: 3586
Score: 264
Joined: 9/12/2002
From: Roanoke VA, USA
Status: offline
Malware Close Encounters - Close Pop-ups using Task Manager to safely exit

The AntiVirus 2009 attacks are particularly troublesome as they can download and install silently on a PC by just visiting a website. However, the payload still requires a mouse click when the Antivirus pop-up suddenly appears stating the user has an infection.  These are very advanced malware attacks to prevent, detect, and clean so avoidance is your best defense.

In fact, this clever social engineering attack may simulate past experiences where the legitimate Anti Virus product has found a virus and presented it to the user. Users who are not technically inclined may even think this is their own Anti Virus system warning them.

When a malware pop-up appears of any type, your PC is in trouble at that point. Sometimes, however, you can avoid more extensive damage by exiting out and getting immediate help in cleaning. If you can safely exit out of these types of pop-up windows your system for silent downloaders, sometimes your PC may not become infected.

Avoid any clicking or pressing the enter key, as "NO" or "CANCEL" may be secretly programmed to be a "YES". Malware writers won't have the best ethical conduct and they want to use any mouse click available to let the attack enter into the Windows environment (even a "NO" or "EXIT"). Instead use this approach:

USE TASK MANAGER TO SAFELY EXIT MALWARE ATTACKS

1. The easiest way to launch task manager in Windows is to press: Ctrl+Shift+Esc

2. Press the applications TAB (if it's not already positioned there)

3. Select the pop-up TASK

4. Press End Task button at bottom to close it

5. Then seek technical help on cleaning ... If you're not experienced, my #1 tip is to have a friend or relative help you so that you do this safely and minimize losses to your PC.

Additional resources can be found from these experts below:

How to Safely Close a Pop-Up Window In Your Browser
http://aumha.net/viewtopic.php?f=26&t=32872

Don't Close That Pop-Up Window! - Clicking "No" May Mean "Yes"
http://netsecurity.about.com/od/popupsandspyware/qt/aaclosepopup.htm?nl=1

How to invoke Task Manager
http://en.wikipedia.org/wiki/Windows_Task_Manager
http://support.microsoft.com/kb/323527

_____________________________


Harry Waldron - Security News & Best Practices Blog

(in reply to rmcclinton)
Post #: 4
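
The Task Manager steps in post #4, scripted for a help desk or technician, as an added example that is not part of the original posts. The function name, its parameter and the sample title pattern are assumptions for illustration; `Get-FileHash` requires PowerShell 4.0 or later.

```powershell
# Added example: ends the process that owns a pop-up window without sending
# any click or key press to the window itself, and records what was running.
function Stop-PopupByTitle {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Wildcard matched against the window title (sample value is constructed)
        [Parameter(Mandatory = $true)]
        [string]$TitlePattern
    )

    # Only processes that own a visible top-level window have a MainWindowTitle,
    # which is the same set the Applications tab lists.
    $targets = Get-Process |
        Where-Object { $_.MainWindowTitle -and $_.MainWindowTitle -like $TitlePattern }

    foreach ($p in $targets) {
        # Capture the executable path and hash first, for whoever cleans the PC.
        $path = $null
        try { $path = $p.Path } catch { }   # unreadable for protected processes
        $hash = if ($path -and (Test-Path -LiteralPath $path)) {
            (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        } else { $null }

        $record = [pscustomobject]@{
            Time        = Get-Date
            ProcessId   = $p.Id
            ProcessName = $p.ProcessName
            WindowTitle = $p.MainWindowTitle
            Path        = $path
            SHA256      = $hash
            Ended       = $false
        }

        # -Force terminates the process outright; nothing reaches the window's
        # own buttons. If the pop-up is a browser window, the browser closes.
        if ($PSCmdlet.ShouldProcess("$($p.ProcessName) (PID $($p.Id))", 'End task')) {
            Stop-Process -Id $p.Id -Force -ErrorAction Stop
            $record.Ended = $true
        }
        $record
    }
}

# Review the matches first, then end them:
#   Stop-PopupByTitle -TitlePattern '*Antivirus 2009*' -WhatIf
#   Stop-PopupByTitle -TitlePattern '*Antivirus 2009*' -Confirm:$false
```

The returned records (path and SHA256 of the closed program) give the person doing the cleanup in step 5 something concrete to start from.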