Screen Shots of Current Rogues

Discussion in 'other security issues & news' started by tipstir, Jun 2, 2009.

Thread Status:
Not open for further replies.
  1. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    There is a fake Prevx malware cleaner called UnVirex Rogue as of June 2009.
    This link shows you screenshots and how the rogue attacks the OS system files and registry, and also what is out there in the rogue world to watch out for. You can also block these rogue programs by IP address in your own firewall software if you like. Some have IP address listings.

    http://siri-urz.blogspot.com/search/label/ScreenShots
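The post above mentions that some rogue write-ups publish IP address listings that can be fed into a firewall. As an added example (not from the thread or the linked blog), this POSIX shell script takes such a listing, rejects malformed entries instead of silently turning them into rules, and emits one outbound block rule per address for either Linux iptables or the Windows `netsh advfirewall` command. The addresses are constructed from the RFC 5737 documentation ranges; the listing format (one address or CIDR per line, `#` comments) is an assumption.

```shell
#!/bin/sh
# Added example: convert a published rogue-IP listing into outbound firewall rules.
# The listing below is constructed (RFC 5737 documentation ranges), not a real rogue's IPs.

ROGUE_IPS='# constructed sample listing: comments and blank lines are ignored
192.0.2.10
198.51.100.0/24
# a malformed entry that must be rejected rather than silently turned into a rule
999.1.1.1
203.0.113.7'

# valid_ip4 ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or CIDR block.
valid_ip4() {
  addr=${1%%/*}
  case "$1" in
    */*) prefix=${1#*/} ;;
    *)   prefix=32 ;;
  esac
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  # reject glob or other junk before unquoted word splitting below
  case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
  set -- $(printf '%s' "$addr" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for oct in "$@"; do
    case "$oct" in ''|*[!0-9]*) return 1 ;; esac
    [ "$oct" -le 255 ] || return 1
  done
  return 0
}

# rules_for_list [iptables|netsh]: read a listing on stdin and print one outbound
# block rule per valid entry; malformed entries go to stderr and produce no rule.
rules_for_list() {
  fmt=${1:-iptables}
  while IFS= read -r line || [ -n "$line" ]; do
    entry=$(printf '%s' "${line%%#*}" | tr -d ' \t')
    [ -n "$entry" ] || continue
    if ! valid_ip4 "$entry"; then
      printf 'rejected malformed entry: %s\n' "$entry" >&2
      continue
    fi
    case "$fmt" in
      netsh) printf 'netsh advfirewall firewall add rule name="rogue %s" dir=out action=block remoteip=%s\n' "$entry" "$entry" ;;
      *)     printf 'iptables -A OUTPUT -d %s -j REJECT\n' "$entry" ;;
    esac
  done
}

# count_rules [fmt]: number of rules generated from the constructed listing above.
count_rules() {
  printf '%s\n' "$ROGUE_IPS" | rules_for_list "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Usage: review the generated rules before applying them, e.g.
#   printf '%s\n' "$ROGUE_IPS" | rules_for_list iptables
```

The rules are printed rather than applied so they can be reviewed first; blocking a CIDR range from a listing you did not verify can cut off legitimate hosts on the same network, which is why each entry is validated and every rejection is reported.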
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks for the link!

    Screenshots are a great way to inform people what to look out for.

    ----
    rich
     
  3. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    It's amazing how good some of the rogues look. I can see why some folks are tricked.
     
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    That sure looks like the Windows Security Center shield on one rogue.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Many are fake scans that pop up as the user is surfing. Those that are tricked by these either have no AV or have no confidence in what they do have, else they would just ignore the trick.

    More devious are rogue sites that come up in a search, where the unwary user, in looking for an AV, is tricked into installing one of these products directly from a bogus site.

    ----
    rich
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    What makes you say it is a fake Prevx?
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hmm... I don't see how this is a fake Prevx version. We did have a fake version of Prevx pop up at download.com a while back but it looked like one of our first versions rather than this. If you have a copy of this file, let me know and I'll take a look :)
     
  8. benton4

    benton4 Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    158
    Location:
    Oregon
    Thanks for the info, Tipstir. It's a shame that there is so much junk out there. Many folks, I'm sure, get fooled into buying these fake programs.
     
  9. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Looks nice, might buy it lol !!!
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    They look very user friendly.
     
  11. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    Welcome Rich,

    Might want to make this a sticky, since the data at that link changes as newer rogues appear. Seven new ones have popped up since I posted this subject.
     
    Last edited: Jun 4, 2009
  12. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    The name and look of the file looks like a rogue Prevx. I don't have this file, nor do I want such a file. These rogues are dangerous. I've been to home users who have them running on their systems.
     
  13. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    There seem to be at least three ways users get these bogus AV products. You may know of other ways!

    I mentioned one, where in a search for AV products, the user is led to one of the bogus sites and then directly downloads/installs the rogue product.

    This is difficult to protect against because the users are usually not well-informed about the best popular products.

    Another method is when the rogue product installs with another piece of software, as with Unvirex:

    Unvirex description
    http://www.spywarevoid.com/remove-unvirex-un-virex-removal-tutorial.html
    New rogue: Unvirex
    http://www.lavasoft.com/mylavasoft/securitycenter/blog/new-rogue-unvirex
    Good advice here is to immediately close out the site where you are prompted for a codec or Flash update in order to watch a video. These don't appear just on non-family oriented sites any more - Facebook had its share of this type of exploit - remember Koobface?

    A third way I mentioned briefly, where the user is redirected from a site compromised by code injection.

    This is actually the easiest to prevent, because its success depends on the user having JavaScript enabled for all sites. In today's browsers, it's easy to configure scripting per site, so that in case the user is redirected to an exploit site, with JavaScript disabled, you get a blank screen:

    [screenshot: blank2.gif]

    If JavaScript is enabled, then the fake scan screen will appear, and it's off to the races!:

    [screenshot: fakescan.gif]

    Often, in conversations with friends, if the topic of computing comes up, I ask if they have AV. Most do, but I mention the rogue products tricks just so that they will be aware.

    If I'm helping someone at their house, I'll show some screenshots. I keep a collection handy -- visual effects help make the point.

    ----
    rich
     
  14. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
  15. FiOS Dan

    FiOS Dan Registered Member

    Joined:
    May 24, 2006
    Posts:
    86
    Location:
    Redondo Beach, CA
    Interesting that you should mention this because just yesterday I was listening to the radio, on the way home in the car, and this so-called computer expert was telling people that it is nuts to run without an AV because you think that you can not afford one, when all you have to do is "Google" for free AV programs. :eek:
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    I liked Crusader anti-virus. Download HIM and forget about spyware. Aha!
    BTW, the GUIs are good looking, well done. Which only emphasizes the importance of command line. When you're blind, you listen more carefully.
    Mrk
     
  17. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    This one, WiniBlueSoft: a cousin of mine told me about this program and said it was really good. But one thing he didn't know was that it was a rogue, and he couldn't get it off his PC. It was too late for him, as this wasn't the only rogue on his system. I always get calls, and it's just too bad none of them ever bother to call first. These rogues are made by some upset programmers who might have lost their jobs, and to fight back they create all these nasty, pesky rogues that can damage your OS, registry and file system and leave some destructive worms on the system. Like:

    I.CMD
    worm autorun.inf

    Well, I hope this stuff helps the community learn what to block before it hops on. Those sites that tell you with a popup that you have been infested by a virus because you clicked on a Google link: with that stuff I would first unplug the network cable, then turn off the computer. Don't even bother to do a shutdown.
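The post above lists an `autorun.inf` worm (with `I.CMD`) among the leftovers these rogues drop. As an added example (not from the thread), this POSIX shell script parses an `autorun.inf` and reports only the keys that launch a program when the volume is inserted, then scans given directories (mount points of removable media) for such a file. The sample file is constructed for the example; the key names it flags (`open`, `shellexecute`, `shell\...\command`) are the documented Windows autorun launch keys, and treating every one of them as suspicious on removable media is the assumption here.

```shell
#!/bin/sh
# Added example: find the program-launching keys in an autorun.inf and scan mount
# points for one. The sample below is constructed to resemble what a USB worm drops.

SAMPLE_AUTORUN='[autorun]
; constructed sample, not a real worm dropper
open=I.CMD
shell\open\command=I.CMD
shellexecute=RECYCLER\x.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
'

# launch_keys: autorun.inf on stdin -> prints key=value for each key that launches code
# (open, shellexecute, shell\...\command); icon/label and other sections are ignored.
launch_keys() {
  section=
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | tr -d '\r')          # files are usually CRLF
    case "$line" in
      \[*\]) section=$(printf '%s' "$line" | tr 'A-Z' 'a-z'); continue ;;
      ''|\;*) continue ;;                               # blank or comment
    esac
    [ "$section" = "[autorun]" ] || continue
    case "$line" in *=*) ;; *) continue ;; esac
    key=$(printf '%s' "${line%%=*}" | tr 'A-Z' 'a-z' | tr -d ' ')
    value=${line#*=}
    case "$key" in
      open|shell*) printf '%s=%s\n' "$key" "$value" ;;
    esac
  done
}

# count_launch_keys: number of launch keys in the constructed sample
count_launch_keys() {
  printf '%s' "$SAMPLE_AUTORUN" | launch_keys | wc -l | tr -d ' '
}

# scan_dirs DIR...: for every directory holding an autorun.inf with launch keys,
# print the directory and those keys. Returns 0 if anything was found, 1 otherwise.
scan_dirs() {
  hit=1
  for d in "$@"; do
    f=$(find "$d" -maxdepth 1 -iname autorun.inf 2>/dev/null | head -n 1)
    [ -n "$f" ] || continue
    keys=$(launch_keys < "$f")
    [ -n "$keys" ] || continue
    hit=0
    printf '%s:\n%s\n' "$d" "$keys"
  done
  return $hit
}

# Usage on a Linux box with the stick mounted under /media (assumed path):
#   scan_dirs /media/* && echo "launch keys found; do not double-click the drive"
```

A legitimate autorun file for a driver CD also uses `open=`, so the script reports rather than deletes; the point is that on a USB stick any of these keys deserves a look before the drive is opened from Explorer.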
     
  18. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
  19. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Better looking than some genuine products at times.
     