Anatomy of a malware scam - XP Antivirus 2008

Discussion in 'malware problems & news' started by ronjor, Aug 24, 2008.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,
    I think the article is missing a few points.
    It shows us how evil the world is - which you enter voluntarily, click after click. Come on, the entire problem could have ended without anything happening. Furthermore, using a properly set browser (I won't even say another browser to keep the fire low) would have prevented even the initial popup. Popups? Come on...
    Mrk
     
  3. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    True, but I think it is fairly clever nonetheless. It seems to take into account the impatience of the average user who will start clicking on anything to get rid of the pop-ups and return to their mindless surfing. That people will purchase this malware is what I find inexplicable. If you are driving your car and another car suddenly pulls up alongside with a guy leaning out the window yelling "your transmission is slipping, pull over and I'll fix it", would you start reaching for your credit card?
     
  4. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I think it's a combination of impatience, lack of knowledge, and trickery all in one. Even otherwise knowledgeable people are tricked by this thing.

    How often have all of us gone to sites and been hit with popup ads? Did we shut down the browser or click the little 'x' to get rid of the box?

    Click the 'x' on this damnable XP Antivirus 2008 or any of its variants and you've unleashed a curse. Thus, even if people read the pop up and decide they don't want it, by trying to close that popup they've opened it.

    It happened to my wife and at least a couple of other people we know - one of whom I'll admit probably shouldn't be allowed at a keyboard.

    As far as entering the Internet world voluntarily, thus being responsible in some way for what results, can't the same be said of the real world? Is it our fault if we leave home and our house is burglarized, or we're attacked and robbed? The criminal isn't to blame?

    Even if we're well armed, the attack can happen. Being properly armed with the right sort of training can defeat the attacker. In a world of I'm guessing well over a billion computers, what percent are properly trained?
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
    Ron, first of all, excellent find!

    The aim of the article is to inform the reader how devilish the Internet is becoming these days. There are many visitors to Wilders that seek that kind of knowledge, as I did many years ago, and these people could be just average users.

    If that article can save only one soul from falling into a trap, then it's all worth it, because that grateful person will tell others and the chain of information goes on and on. And even for the geeks amongst us, we can marvel at the cleverness used to separate people from their money.

    Keep those articles coming, Ron!
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Very true and that is the point of these type posts. :)
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,213
    Another valid example showing how secure Vista is compared to XP: The author had to reinstall the malware with XP as Vista would block it.

    I know it is only a matter of time for malware to 'update to Vista', nevertheless it shows how MS made an effort to design a secure operating system.
     
  8. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    444
    Location:
    Chicago
    I have seen "XP Antivirus 2008" on Comodo's freeware firewall site as an innocuous advertisement to buy it.

    It executes upon clicking on it ( just to read the spects, ect.) and it is a real pain as it is difficult to remove completely . Most of it can be removed with freeware anti spy/Trojan applications but it rears itself again later after one believes it has been removed!!!

    One can learn to live with it for a while, but the nag screens soon grates one beyond the threshold of sanity before one is compelled to re image/reinstall the OS to get rid of it completely.

    Off shore malware seems to have shape-shifting aspects to it, so "heads Up" on any advertisement regardless of the sites' usual "good reputation" ( in this case it was a sponsored link from Google).

    A sandbox or a "Returnil" type application would have prevented this infection).
     
  9. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Thats what I like about my Defensewall / Returnil combo. If I run into something like this I just hit the big red button to shut it down and then reboot and Presto!!!! Baddie all gone. :D
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Interesting 7 page article, thanks Ron.

    I pulled a sample for research off the OC site last week for study on it's habits on XP systems. Looks like the blog manager already done some research of his own. This type of malware release setting up on several servers and url's has striking similarities to the old gang of CoolWebSearch. I would venture a guess some of those fellas are of the same group or a newer one that picked up some lessons from them.



    Sheee!!


    EASTER
     
Loading...
Thread Status:
Not open for further replies.