Sunday, September 19, 2010

Fake Antivirus, A great Risk

Fake antivirus, or more precisely fake antimalware or rogue security programs, is a generic description for all types of malware that pretend to be protection software against viruses, spyware, Trojans and other types of malware. In reality, however, fake antimalware is itself malicious software. The most common spreading mechanism is drive-by infection from visiting web sites.

One popular technique is to manipulate search engines so that results for "hot" search words point to web sites infected with fake antimalware. Such words are, for example, big media events and other topics that people commonly search for. Another technique is propagation through malicious advertisements.

The idea behind fake antivirus is to trick infected users into purchasing the fake antivirus product by displaying information that the computer is infected even when it is not. Some rogue security programs display product names or logos in an apparently unlawful attempt to impersonate legitimate products. Some versions also disable legitimate antivirus programs and block Internet access to security sites. Fake antimalware products often download other malware components, which in turn may download further components and update themselves with new or updated modules. The result is that the malware is difficult to remove and may be quite persistent in its attempts to convince the user to buy the product.

Removal: Norman's antivirus products are in general able to remove all malicious software that they detect. Some malware, however, uses techniques that the general product does not remove sufficiently. For those cases the free Norman Malware Cleaner tool is the most widely used.

Monday, September 13, 2010

“Here you have” Email Virus - W32/VBMania@MM

A new version of the "I love you" virus/worm, called the "Here you have" virus, came out. All it does when run is distribute itself using your address book. Many big corporations were hit, and antivirus vendors had to release emergency updates.

Clean “Here you have” Email Virus

US-CERT has issued alerts about a worm spreading through email with the subject "Here you have", identified as W32/VBMania@mm or the "VBMania" worm. The virus has been spreading primarily via email, asking recipients to click on a link masked as a PDF file that actually points to malware hosted on an external server. In one sample, the email contained a link to "PDF_Document21_025542010_pdf.scr", which directed users to malware hosted on the domain "members.multimania.co.uk". The virus had been spreading rapidly, but researchers say that volume has dropped significantly since the site hosting the malware was shut down. When a user clicks on the link, their computer immediately downloads and launches the malware.

The worm also attempts to spread from computer to computer over local networks. So, disable network sharing and/or disconnect infected computers from the local network and the Internet, and block outbound traffic to the domains/IP addresses contained in the malicious e-mail, to prevent users from connecting to the distribution sites and downloading it.
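The lure described above, a file named like a PDF that is really a .scr executable hosted on a third-party domain, can be caught at the mail gateway or in its logs. The following is an added example (not code from the post or from US-CERT): it scans constructed log lines for links whose file name borrows a document name but ends in an executable extension, and matches link hosts against a block list. The log line format and the non-malicious URLs are assumptions; the .scr name and domain are the ones quoted in the alert.

```python
"""Flag e-mail links that pose as documents but point at executables,
the lure used by the "Here you have" worm (PDF_..._pdf.scr on a
third-party host), and match link hosts against a block list."""
import re
from urllib.parse import urlparse

# Extensions Windows will execute when the file is opened.
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "vbs", "js"}
# Document types a lure commonly borrows its name from.
DOCUMENT_HINTS = ("pdf", "doc", "xls", "ppt")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def link_findings(url):
    """Return the reasons a URL looks like a document-masked executable."""
    name = urlparse(url).path.rsplit("/", 1)[-1].lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{ext}")
        stem = name[: -len(ext) - 1]          # file name without the extension
        if any(hint in stem for hint in DOCUMENT_HINTS):
            reasons.append("document name masks executable")
    return reasons

def triage(log_lines, blocked_domains):
    """Scan mail-gateway log lines; return (line_no, url, reasons) hits."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        for url in URL_RE.findall(line):
            reasons = link_findings(url)
            host = (urlparse(url).hostname or "").lower()
            if host in blocked_domains:
                reasons.append(f"host {host} is on block list")
            if reasons:
                hits.append((no, url, reasons))
    return hits

# Constructed sample log lines (not real traffic); the first URL uses the
# file name and domain from the alert, the others are invented for contrast.
SAMPLE_LOG = [
    "2010-09-09 subj='Here you have' url=http://members.multimania.co.uk/x/PDF_Document21_025542010_pdf.scr",
    "2010-09-09 subj='invoice' url=http://example.invalid/files/invoice.pdf",
    "2010-09-09 subj='update' url=http://example.invalid/setup.exe",
]
BLOCKED = {"members.multimania.co.uk"}

if __name__ == "__main__":
    for no, url, reasons in triage(SAMPLE_LOG, BLOCKED):
        print(f"line {no}: {url}\n    " + "; ".join(reasons))
```

Feed it the real gateway log format by adjusting `URL_RE` only; the block list is the set of domains/IP addresses taken from the malicious e-mail, as the advice above recommends.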

The Stinger utility can be used to detect and remove this threat. Stinger is a stand-alone utility for detecting and removing specific viruses. It is not a substitute for full antivirus protection, but a tool to assist administrators and users when dealing with an infected system.