New trojan possibly masquerading as Ad-Aware

Discussion in 'malware problems & news' started by TonyKlein, Oct 16, 2002.

Thread Status:
Not open for further replies.
  1. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    From http://www.lavasoftsupport.com/index.php?s=016c6466abce0c1a62a15906647ecaa3&act=ST&f=1&t=163&st=0&#entry606 :

    WARNING!

    It has come to our attention that there may be a new virus and/or Trojan masquerading as a legitimate Ad-aware download. This file or software is called aware.exe or some variation of this. We have also been informed that there may be someone out there who is actively using pop ups that seem as though they are from LavaSoft. Please be sure to only download our products from the official mirror sites listed on our downloads page:

    http://www.lavasoft.de/downloads.html

    This includes ONLY the following sites:

    Mirror Sites:

    http://www.majorgeeks.com/article.php?sid=506
    http://www.pcworld.com/downloads/file_desc...fid,7423,00.asp
    http://download.com.com/3000-2094-10115988.html
    http://www.winsite.com/bin/Info?5000000038314
    http://www.wyvernworks.com
    http://www.networkingfiles.com
    http://fileforum.betanews.com
    http://www.cheetaa.com
    http://www.ExaltedHosting.com
    http://www.mentaldimensions.com
    http://www.bagpipes.net

    In the interim, we are aggressively investigating these reports and are looking at every example of them we can locate. If you suspect that you have been infected with a virus of this name or are experiencing pop ups that look as though they came from LavaSoft or seem to advertise any of our products, please contact a Moderator or Administrator immediately and we will investigate this. You can also send information to the following address:
    urizen@lavasoft.de
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Thanks for the heads up, Tony.

    Sure like to grab a copy from this one. I'll contact Nicholas (Urizen).

    On a side note: the file available from our downloads page is clean ;).

    regards.

    paul
     
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    You're welcome, Paul.

    I'm not sure they actually have a copy of this one already, but you can be pretty sure they're, in Urizen's words, "aggressively investigating" this as we speak... :rolleyes:
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Tony,

    I'm sure Nicholas is - rightly so. I dropped him an email to send us a copy from this nastie in case he grabs one. Let's wait'n see...

    regards.

    paul
     
  5. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Hi Guys!

    Wouldn't it be nice if websites and pop-ups could come with a unique encrypted serial number/ID? That way you could tell the difference between the real one and a knock-off. Could this work?

    Just an idea that "popped-up" in my head as I read this posting. Thanks for the warning about the Adaware knock-off/Trojan.

    Best regards from Larry!
     
Loading...
Thread Status:
Not open for further replies.