How about that "Antivirus 2008" malware



Mr. Picklesworth
August 31st, 2008, 06:59 PM
Lately I have encountered an incredible number of people who have been fooled into installing the "Antivirus 2008" malware, promptly leading to their computers being unusable.

As I understand it, the thing is designed to fool someone into thinking their computer has been infected by piles of viruses and then spams obnoxious "Virus Alert" messages. Ultimately it holds the user hostage and asks for credit card details.
One serious flaw with it is that Windows (*hint hint* :P) often becomes totally impossible to use, so actually getting to the point where they ask for credit card details is impossible / difficult for that fooled user anyway. In many cases, it just breaks Windows. Although I suppose it probably contributes to a few botnets and evil personal data collections as well...

To get on the system it poses as a download from Microsoft, with a web site that looks like theirs. (And a ton of broken English. One has to just not read anything and think "ooh, shiny button! Must click!" to actually get fooled by this. Evidently, such users are quite prevalent).

It seems these guys have had quite the marketing campaign of late. Choice quotes from today:


I ended up with this "Antivirus 2008" and I think it screwed up my computer!

*Pained gasp from me*

I was just trying to download something from Microsoft!


I am using a program called Antivirus 2008. I think it came with my computer and it just isn't working for me. What do you recommend?
...But this says "Antivirus 2008!" [That being "BitDefender Antivirus 2008"])


I installed McAfee. Now Antivirus says I have 40 viruses and it wants me to pay to get them fixed. McAfee sucks!


Microsoft must be pissed about this. On the other hand, it has to be admitted that the folks behind this malware did a pretty impressive job. I would love to see the download / install numbers.

This is what happens when an OS lets users execute programs as soon as they are downloaded, and when users do not read. It may be worth addressing the "users not reading" problem in Ubuntu. Perhaps font choice would make a difference there.
(In other news, while laughing at their web site in Linux, I almost downloaded / installed it via Wine by accident).

Sealbhach
August 31st, 2008, 07:55 PM
I've just put Ubuntu on my brother's laptop so he can browse safely.

He took it to some crowd to get it fixed when it became unusable due to viruses. They charged him 100 euros and put Norton on it (ick!) and then some update to Norton killed his UAC settings in Vista so he was locked out of Vista.

He's very grateful to be free of all that hassle. Windows really is becoming unusable.


.

terabyte1
August 31st, 2008, 11:13 PM
I try not to use Microsoft XP Pro (the edition I have on one of my PCs).

I use Ubuntu; Kubuntu and various flavours of Ubuntu - I'm addicted to the chocolate brown and the deep brown tone that emits from my speakers (like a fart) blowing off the fluff on my chin :D


I also wear Sports clothing showing various versions of Ubuntu. My trusty Ubuntu Cup is at my elbow filled with coffee, I have my Ubuntu pen, my Ubuntu Mouse-mat and wonder of wonder, I have my Ubuntu Backpack for when I go to the Gym sporting my Ubuntu wearables :D


Life is not life without Ubuntu!


Terabyte :( :lolflag:

Lord Xeb
August 31st, 2008, 11:23 PM
Yeah, I know what you mean. I love Ubuntu. It does everything that I ask and nothing more. When I want something done, it gets it done. Windows just became a pain in the *** after about 3 months because of those damn viruses I got when my cousin used it to look up porn (I know because he doesn't know how to erase ALL of the tracks of where he goes, since I keep a log on the limited account). Now, with Ubuntu, I browse the web and laugh at the world because of their pain in the *** Windows they have! Seeing through a broken down wall is easier than seeing through a broken window :D

Daveski
August 31st, 2008, 11:24 PM
To get on the system it poses as a download from Microsoft, with a web site that looks like theirs. (And a ton of broken English. One has to just not read anything and think "ooh, shiny button! Must click!" to actually get fooled by this. Evidently, such users are quite prevalent).

This is the real problem. I know that MS have introduced UAC to Vista to give the users a second chance with this kind of thing, but pretty much everyone I know who has discovered how to turn this 'security' feature off, has.

Linux distros are doing a similar thing with the automatic security elevation with sudo which prompts for your password when you need root privs, but I have seen so many threads from new users asking how to always run as root (although they are ALWAYS advised not to) - so I can see this sort of issue starting to make its way into the Linux desktop environment.

Sadly the weakest link in desktop security is the user.

lisati
August 31st, 2008, 11:31 PM
I use Ubuntu for my day-to-day stuff, most of the problems I've had have been of my own making, some of them of the "this looks interesting, let's check it out without really understanding it" variety.
I also use XP, mainly for video editing (there are discussions on this topic elsewhere in the forums). The most recent problems I've had seem to have been caused by a memory card that wasn't seated properly in its socket and resulted in the BSOD several times (diagnosed when Ubuntu on the same machine had trouble shutting down; a subsequent memtest was run and detected errors) Again, most of the problems I've had with Windows have been of my own making, with a very small handful due to malware.

EDIT: Big hint: When you're visiting a website and you have a pop-up about virus alerts and other such stuff, beware! And while you're "being ware", run a scan with anti-malware software you know and trust in preference to one recommended by a website. (And be alert to a Windows-style popup when you're running linux. They might be clever, but there's usually clues somewhere in the popup that let you know if it's not "kosher")

Newuser1111
August 31st, 2008, 11:32 PM
Why does this have a similar name? Or is this part of it?
http://playstationportablestuff.googlepages.com/IMAGEEEEEEEEWinAntiVirus2009.png

I saw this while using Ubuntu, so I recorded a video of it.

lisati
August 31st, 2008, 11:37 PM
Why does this have a similar name? Or is this part of it?
http://playstationportablestuff.googlepages.com/IMAGEEEEEEEEWinAntiVirus2009.png

I saw this while using Ubuntu, so I recorded a video of it.

Obviously a popup - it uses Windows-style icons and disk labelling, which you normally wouldn't expect while running Linux unless you'd tweaked your theme. If it's not someone out to cause mischief, they could be after money.

Twitch6000
August 31st, 2008, 11:40 PM
Why does this have a similar name? Or is this part of it?
http://playstationportablestuff.googlepages.com/IMAGEEEEEEEEWinAntiVirus2009.png

I saw this while using Ubuntu, so I recorded a video of it.
That's a malware threat alright lol.
Yeah I would remove that <.<.

rune0077
August 31st, 2008, 11:49 PM
He's very grateful to be free of all that hassle. Windows really is becoming unusable.


Windows isn't becoming unusable, people just aren't careful enough when using it. A car isn't undrivable just because the person behind the wheel is a bad driver. I ran Windows for years and years without ever getting a virus. Of course, one needs to be a lot more careful with Windows than with Linux. But caution (namely, not pressing any shiny button you see) can easily keep you safe on a Windows-box.

Daveski
August 31st, 2008, 11:56 PM
I ran Windows for years and years without ever getting a virus. Of course, one needs to be a lot more careful with Windows than with Linux. But caution (namely, not pressing any shiny button you see) can easily keep you safe on a Windows-box.

Me too. However, you see there are a great many people that treat a computer (and the internet) like their TV. They do interact with it, but they seldom use their brain whilst doing so. I am not saying that many computer users are stupid, it is just that they know little about the underlying technology and so this sort of thing doesn't even ring alarm bells. As Windows (Mac OSX and Linux too) are dumbing down the user interface to make it more accessible to people who know little about (and probably wish to know nothing about) how the equipment and technology work, then this is going to be a big issue. If a message pops up telling them they have a virus, they are going to assume that the computer is 'telling' the truth, or that the magic machine has some kind of antivirus software (as they have probably heard the term) and is therefore trying to help.

rune0077
September 1st, 2008, 12:02 AM
Me too. However, you see there are a great many people that treat a computer (and the internet) like their TV. They do interact with it, but they seldom use their brain whilst doing so. I am not saying that many computer users are stupid, it is just that they know little about the underlying technology and so this sort of thing doesn't even ring alarm bells. As Windows (Mac OSX and Linux too) are dumbing down the user interface to make it more accessible to people who know little about (and probably wish to know nothing about) how the equipment and technology work, then this is going to be a big issue. If a message pops up telling them they have a virus, they are going to assume that the computer is 'telling' the truth, or that the magic machine has some kind of antivirus software (as they have probably heard the term) and is therefore trying to help.

Yeah. In this day and age, basic computer security really should be taught at school. Luckily, a lot of school-goers are much more aware of the issue than their parents are, perhaps because they were raised with the Internet. Maybe computers are being dumbed down, but with any bit of luck, computer users are actually being smarted-up (heh, I just made up that word). Maybe when we see a new generation shift, we will also see better computer security coming along with it.

kpatz
September 1st, 2008, 12:13 AM
Several co-workers, family members, and friends have gotten bitten by this one. I almost did too, once, because this nasty will be installed on hijacked web sites/blog sites, and they appear at the top of Google searches. Fortunately, I was using Firefox and I killed the browser before anything could be installed.

I posted this on another forum as a joke, it's an Antivirus 2008 infected site viewed on Firefox in Ubuntu. I said "Oh no, my Ubuntu got infected" ;)

What's funny is the "viruses" it claims you are infected with are mostly famous worms from 2003-2004.

RedPandaFox
September 1st, 2008, 12:30 AM
I want it! On my Ubuntu at least, I want a pet Virus contained in my Wine folder :(

I was tricked on my PC, but tis all good because I was formatting it and selling it anyway.

I've had a few experiences with it over the past few months, I'd say 1 in 10 people around here are getting it or some insanely high number.

I was at my girlfriend's parents' house the other night, and I see her brother on his laptop. He gets the telltale "WARNING!!!"
I saw it from across the room, the mouse slowly made its way across the desktop towards its impending doom, time slowed, I started running and dived for the mouse, but was too late... Another poor computer was lost...

OK well maybe it wasn't that dramatic, I called his name to stop him but he had headphones on and he got infected.

SoloSalsa
September 1st, 2008, 12:33 AM
Haha, yeah I hate those sites. Of course I would never fall for them, but they are scary. A bunch of them provide an infinite number of pop-up panes, so I am forced to kill the browser. Now, I know no harm comes while using Linux, but on Windows, I fear that somewhere in the infinite pop-ups one will position itself where the close button of the previous was.
Now any slightly educated and patient user would see how bogus it is, but most Windows users are too hasty to click things. They suspect that any site with the Windows flag and icons is legit.
My father fell for it, twice. My father is dumb, but he does have commercial malware protection. The first time he got it was within a week of its outbreak, according to reports. That time I had to remove every bit of it myself, but the real antivirus software caught on and was updated before he got it the second time.

OutOfReach
September 1st, 2008, 12:43 AM
It's infected my cousin's computer, and it also infected my teacher's computer. :) Yes, she was preparing to show a presentation on the projector from her computer, then all of a sudden the Antivirus 2008 site came, told her she was infected and to install, some of us in the class told her not to, but she did =/. I couldn't believe that I was there, watching my teacher get infected, live! :P

mike1234
September 1st, 2008, 12:52 AM
I don't have any links but the one that used to get me (I finally caught on about the second time) is those sites that pop up warning you of a virus. A quick search of Google has a link to a site that has a fix. Then you download and install it. It's fixed. Or is it? No other Antivirus programs I had installed detected a virus. So I looked around and found it was a fake virus. I didn't buy anything and never keep any sensitive info on my computer anyways. Sure would like to know what their intent was. I don't use Windows anymore so I don't care, but there are some real A holes out there. As to the previous post, yes you think people would be more cautious about trusting those pop up warnings.

M.

barbedsaber
September 1st, 2008, 02:07 AM
I want it! On my Ubuntu at least, I want a pet Virus contained in my Wine folder :(

...

He gets the telltale "WARNING!!!"
I saw it from across the room, the mouse slowly made its way across the desktop towards its impending doom, time slowed, I started running and dived for the mouse, but was too late... Another poor computer was lost...


I shouldn't laugh at other people's misfortune, but I find that hilarious.

RedPandaFox
September 1st, 2008, 02:19 AM
I shouldn't laugh at other people's misfortune, but I find that hilarious.

Yeah, when he had clicked it and it downloaded basically right away and infected him while I watched, he turns to me and goes "What the hell is happening" With a deadpan face I just turned to him and said "That's what happens when you badmouth LaRoza"

Well actually I said something like, "That's your computer getting ****ed"

Mr. Picklesworth
September 1st, 2008, 06:02 AM
I think GNOME encourages the user to read information a bit more than Windows, assuming that user has not become accustomed to Windows' bad habits. It is designed with a more 'do what I do' approach where popup messages usually only appear when something really important is happening. They are usually (not always...) written in a reasonably clear way so that people will not learn to ignore the things.

UAC and gksu are both flawed when it comes to making sense for an end user. Something that makes sense here is the need to check an "executable" flag on a downloaded program. It would be smart if we got a gksudoish popup offering to do that in a click with a quick blurb describing the downloaded software.

For example, a flaw in Windows is that nasty software can execute with the same UAC popup as Microsoft's software. The sign of something being genuine is with the digital signature, which people do not expect to see except in an installer.

MaxIBoy
September 1st, 2008, 07:22 AM
It helps that almost everything I need is in the repos, so the chance of me getting fooled is very low.

kjb34
September 1st, 2008, 07:35 AM
I had that thing pop up while I was Ubuntu and I couldn't get it to stop coming up but I knew it was bogus. So I ended up doing a force quit to stop it. Then I made sure I didn't go back to that website.

RedPandaFox
September 1st, 2008, 07:47 AM
I had that thing pop up while I was Ubuntu and I couldn't get it to stop coming up but I knew it was bogus. So I ended up doing a force quit to stop it. Then I made sure I didn't go back to that website.

Do you remember what site it was? :)

Solicitous
September 1st, 2008, 02:00 PM
Argh, the timing. I'm still going through a reinstall on my laptop because of this damned Antivirus XP 2008. Don't know how it got on here, I browse with Firefox and only go to a handful of usual sites, and then voilà, Antivirus XP 2008 comes up saying I have spyware on my system. I didn't touch it (I knew what it was). Symantec Antivirus and Spybot didn't pick it up until after it had infected my machine (Symantec website claims that the malware needs to be installed by the user, but some other sites claim it can install via ads on websites...dunno).

Nasty piece of work I tell you. I know one thing for certain, when I've finished my Uni degree I'll kiss Windows goodbye and be back to Linux fulltime (or I might over the break look at running XP in virtual machine.....I need Office 2003 *a must* according to the Uni)

zmjjmz
September 1st, 2008, 03:17 PM
Argh, the timing. I'm still going through a reinstall on my laptop because of this damned Antivirus XP 2008. Don't know how it got on here, I browse with Firefox and only go to a handful of usual sites, and then voilà, Antivirus XP 2008 comes up saying I have spyware on my system. I didn't touch it (I knew what it was). Symantec Antivirus and Spybot didn't pick it up until after it had infected my machine (Symantec website claims that the malware needs to be installed by the user, but some other sites claim it can install via ads on websites...dunno).

Nasty piece of work I tell you. I know one thing for certain, when I've finished my Uni degree I'll kiss Windows goodbye and be back to Linux fulltime (or I might over the break look at running XP in virtual machine.....I need Office 2003 *a must* according to the Uni)

Were you running with NoScript/Adblock+?
Those help immensely.
As for MS Office... http://appdb.winehq.org/objectManager.php?sClass=version&iId=3214

init1
September 1st, 2008, 03:19 PM
Yeah I fear that perhaps my dad fell for that trick. He was telling me that he got some announcement that his registry had errors and he needed to fix them. So he downloaded the file and ran it. He's also been complaining that his computer runs slow, so I'll try putting Linux on there and telling him it's Windows Mojave :D

Chame_Wizard
September 1st, 2008, 03:34 PM
Glad I don't use my XP dual boot

kpatz
September 1st, 2008, 03:47 PM
BTW, for those who do get infected with this POS, Malwarebytes is a good, free anti-malware utility that will remove it.

http://www.malwarebytes.org/

I've walked several people through removal over the phone/email using this and it's a piece of cake.

voteforpedro36
September 1st, 2008, 04:39 PM
Fortunately, I was using Firefox and I killed the browser before anything could be installed.

How did you expect it to be installed if you were using Linux?

Dr. C
September 1st, 2008, 05:30 PM
How did you expect it to be installed if you were using Linux?

Possibly wine

SoloSalsa
September 2nd, 2008, 12:32 AM
Do you remember what site it was? :)
I am positive that it came from "antivirus-2008.com" which immediately started download dialogues and popups when one attempts to close the window... Annoying, even in Firefox, even not on Windows.
But it looks like that has changed. I just found "antivirus-2008.org", which is very similar, but the pesky part comes after one clicks, rather than right away.

Symantec Antivirus and Spybot didn't pick it up until after it had infected my machine (symantec website claims that the malware needs to be installed by the user, but some other sites claim it can install via ads on websites...dunno).
Neither did McAfee at first: my dumb father got it only a week after the first reports appeared online. All of these nasty things come from advertisements or spam links. Nothing can be installed automatically in Firefox, but they can get past vulnerabilities in Internet Exploiter. Explorer can download crap and execute them without the user knowing.

For example, see anything on kdfa7.net (be sure to disable scripts first, or you will be bombarded with infinite download messages). They are fake YouTube player screens. An ActiveX thingy would run in IE, but only attempt to save the program with a better browser. I came across it by following a link in a comment somewhere. I always report these things to SiteAdvisor (http://www.siteadvisor.com/sites/kdfa7.net).

kjb34
September 2nd, 2008, 01:07 AM
Do you remember what site it was? :)

I don't quite remember what the site was, but I was looking up some information for socket 478 mobo heatsink on Google and one of the links I clicked on took me there.

RedPandaFox
September 2nd, 2008, 02:20 AM
I'm going to try and get it on an old clean system I don't use, kinda like a fish tank and fishies :) Violent fishy with sharp teeth and poison fins. Kinda like a mini Bill Gates?

doas777
September 2nd, 2008, 03:38 AM
I've been seeing a lot of that one in my shop lately. The MalwareBytes scanner detects and cleans it.
http://www.malwarebytes.org/


It's related to a crossplatform exploit that uses browser hooks to the clipbook to alter what users paste. That part of it does affect Mac and Linux.

http://news.softpedia.com/news/Clipboard-Hijack-Spreads-Panic-92022.shtml

have fun,
Frank

RedPandaFox
September 2nd, 2008, 05:18 AM
I've been seeing a lot of that one in my shop lately. The MalwareBytes scanner detects and cleans it.
http://www.malwarebytes.org/


It's related to a crossplatform exploit that uses browser hooks to the clipbook to alter what users paste. That part of it does affect Mac and Linux.

http://news.softpedia.com/news/Clipboard-Hijack-Spreads-Panic-92022.shtml

have fun,
Frank

Yeah, Malwarebytes seems to be the scanner of choice. I had never heard of it before this malware, now everyone I know has it.

zmjjmz
September 2nd, 2008, 05:20 AM
Yeah, Malwarebytes seems to be the scanner of choice. I had never heard of it before this malware, now everyone I know has it.

Somebody is on both sides of the system.

RedPandaFox
September 2nd, 2008, 05:23 AM
Somebody is on both sides of the system.

What do you mean?

zmjjmz
September 2nd, 2008, 05:27 AM
What do you mean?
Like if someone invests in both assault rifles and funeral caskets.

RedPandaFox
September 2nd, 2008, 05:32 AM
Arh yeah, I was thinking the same.

I'd never heard of MalwareBytes, then all of a sudden this comes out, which completely wipes it, and all of a sudden it's famous and being used by computer shops, end users, and a lot of people are buying it.

kpatz
September 2nd, 2008, 02:41 PM
How did you expect it to be installed if you were using Linux?

I was using XP. The screenshots of the page in Ubuntu were done afterward.

zmjjmz
September 2nd, 2008, 03:33 PM
RedPandaFox: OT, but do you keep changing the name of the project in your sig?
Yesterday it was Nisus...

RedPandaFox
September 3rd, 2008, 01:18 AM
RedPandaFox: OT, but do you keep changing the name of the project in your sig?
Yesterday it was Nisus...

I'm working on a new Ubuntu based distro. We were originally Fresco-Linux, we had trouble with another project with a similar name complaining, then Nisus, yet again naming issues, so at the moment to avoid any problems until we are released under a permanent name, we are just code-named Project Endeavour.

We are releasing our first alpha some time in the next few weeks, I'm working on it as we speak.

stinger30au
September 3rd, 2008, 02:40 AM
It's come up as a pop-up on me a few times while surfing the net with Ubuntu...

cracked me up

RedPandaFox
September 4th, 2008, 12:56 AM
I want to get it but now my laptop won't get on the net so I can't infect it :(