Anatomy of a malware scam - XP Antivirus 2008

Discussion in 'malware problems & news' started by ronjor, Aug 24, 2008.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,618
    Location:
    Texas
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,228
    Hello,
    I think the article is missing a few points.
    It shows us how evil the world is - which you enter voluntarily, click after click. Come on, the entire problem could have ended without anything happening. Furthermore, using a properly set-up browser (I won't even say another browser, to keep the fire low) would have prevented even the initial popup. Popups? Come on...
    Mrk
     
  3. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    True, but I think it is fairly clever nonetheless. It seems to take into account the impatience of the average user who will start clicking on anything to get rid of the pop-ups and return to their mindless surfing. That people will purchase this malware is what I find inexplicable. If you are driving your car and another car suddenly pulls up alongside with a guy leaning out the window yelling "your transmission is slipping, pull over and I'll fix it", would you start reaching for your credit card?
     
  4. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I think it's a combination of impatience, lack of knowledge, and trickery all in one. Even otherwise knowledgeable people are tricked by this thing.

    How often have all of us gone to sites and been hit with popup ads? Did we shut down the browser or click the little 'x' to get rid of the box?

    Click the 'x' on this damnable XP Antivirus 2008 or any of its variants and you've unleashed a curse. Thus, even if people read the pop up and decide they don't want it, by trying to close that popup they've opened it.

    It happened to my wife and at least a couple of other people we know - one of whom I'll admit probably shouldn't be allowed at a keyboard.

    As far as entering the Internet world voluntarily, thus being responsible in some way for what results, can't the same be said of the real world? Is it our fault if we leave home and our house is burglarized, or we're attacked and robbed? The criminal isn't to blame?

    Even if we're well armed, the attack can happen. Being properly armed with the right sort of training can defeat the attacker. In a world of I'm guessing well over a billion computers, what percent are properly trained?
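    The trick described in the post above (the 'x' that is supposed to close the popup is the very control that starts the download) can be checked for in markup. The following is an added example, not code from this thread or from any product mentioned in it: a small stdlib-only scanner that flags anchors or buttons whose visible label reads like "close" but whose href or inline onclick points at an executable. The sample HTML, the host example.invalid and the file names are constructed for illustration and refer to no real site.

```python
"""Heuristic check for fake-alert markup whose 'close' control really downloads.

Added example; it is not code from the thread or from any product named in it.
It models the trick described above (clicking the 'x' installs the rogue
antivirus) by scanning an HTML fragment for anchors or buttons whose visible
label says 'close' but whose href or onclick points at an executable.
Only the standard library is used, so it runs offline.
"""
from html.parser import HTMLParser
import re

# Constructed sample markup for illustration; the host example.invalid and the
# file names are made up and do not refer to any real site.
SAMPLE_HTML = """
<div id="alert">
  <p>Warning! Your computer is infected. Scan now.</p>
  <a href="http://example.invalid/setup.exe" class="close">X</a>
  <button onclick="window.location='http://example.invalid/dl/scanner.exe'">Cancel</button>
  <a href="/help.html">Close</a>
  <a href="http://example.invalid/setup.exe">Download scanner</a>
</div>
"""

# Labels a user would read as "make this go away".
CLOSE_WORDS = {"x", "[x]", "close", "cancel", "no", "no thanks", "dismiss"}
# Targets that hand the browser an executable rather than a page.
EXEC_RE = re.compile(r"\.(?:exe|scr|msi|com|bat|pif)(?:[?#]|$)", re.IGNORECASE)
# Absolute or root-relative URLs embedded in an inline handler.
URL_RE = re.compile(r"""https?://[^\s'"]+|/[^\s'"]+""")


class CloseControlAuditor(HTMLParser):
    """Collects (label, target) pairs for deceptive close controls."""

    def __init__(self):
        super().__init__()
        self._open = []      # stack of (tag, attrs, text chunks) for <a>/<button>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "button"):
            self._open.append((tag, dict(attrs), []))

    def handle_data(self, data):
        if self._open:
            self._open[-1][2].append(data)

    def handle_endtag(self, tag):
        if not self._open or self._open[-1][0] != tag:
            return
        _, attrs, chunks = self._open.pop()
        # Normalise the visible label: collapse whitespace, lower-case it.
        label = " ".join("".join(chunks).split()).lower()
        targets = []
        if attrs.get("href"):
            targets.append(attrs["href"])
        if attrs.get("onclick"):
            targets.extend(URL_RE.findall(attrs["onclick"]))
        bad = [t for t in targets if EXEC_RE.search(t)]
        if label in CLOSE_WORDS and bad:
            self.findings.append({"label": label, "target": bad[0]})


def audit_close_controls(html):
    """Return a list of {'label', 'target'} dicts for close controls that
    lead to an executable download."""
    auditor = CloseControlAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for f in audit_close_controls(SAMPLE_HTML):
        print(f"deceptive close control: label={f['label']!r} -> {f['target']}")
```

    On the constructed sample this flags the "X" anchor and the "Cancel" button, and leaves the honest "Close" link and the openly labelled download link alone. The check is deliberately narrow: it only reads text labels, so an 'x' drawn as an image, or a page-wide overlay where every click goes to the same handler, would need an image or event-listener check on top of it.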
     
  5. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,355
    Location:
    U.S.A.
    Ron, first of all, excellent find!

    The aim of the article is to inform the reader how devilish the Internet is becoming these days. There are many visitors to Wilders that seek that kind of knowledge, as I did many years ago, and these people could be just average users.

    If that article can save only one soul from falling into a trap, then it's all worth it, because that grateful person will tell others and the chain of information goes on and on. And even for the geeks amongst us, we can marvel at the cleverness used to separate people from their money.

    Keep those articles coming, Ron!
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,618
    Location:
    Texas
    Very true and that is the point of these type posts. :)
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,619
    Location:
    Milan and Seoul
    Another valid example showing how secure Vista is compared to XP: the author had to reinstall the malware on XP, as Vista would block it.

    I know it is only a matter of time for malware to 'update to Vista'; nevertheless, it shows how MS made an effort to design a secure operating system.
     
  8. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    450
    Location:
    Chicago
    I have seen "XP Antivirus 2008" on Comodo's freeware firewall site as an innocuous advertisement to buy it.

    It executes upon clicking on it (just to read the specs, etc.) and it is a real pain, as it is difficult to remove completely. Most of it can be removed with freeware anti-spy/Trojan applications, but it rears its head again later, after one believes it has been removed!!!

    One can learn to live with it for a while, but the nag screens soon grate on one beyond the threshold of sanity, before one is compelled to re-image/reinstall the OS to get rid of it completely.

    Offshore malware seems to have shape-shifting aspects to it, so "heads up" on any advertisement regardless of the site's usual "good reputation" (in this case it was a sponsored link from Google).

    A sandbox or a "Returnil"-type application would have prevented this infection.
     
  9. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    That's what I like about my Defensewall / Returnil combo. If I run into something like this I just hit the big red button to shut it down and then reboot and Presto!!!! Baddie all gone. :D
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Interesting 7 page article, thanks Ron.

    I pulled a sample for research off the OC site last week for study of its habits on XP systems. Looks like the blog manager has already done some research of his own. This type of malware release, set up on several servers and URLs, has striking similarities to the old gang of CoolWebSearch. I would venture a guess some of those fellas are of the same group, or a newer one that picked up some lessons from them.

    Sheee!!

    EASTER
     