The Mil & Aero Blog
Tuesday, April 15, 2008
  Xpantivirus attacks

Posted by John McHale

I got hit yesterday with a virus my IT guy hadn't seen before. Called the Xpantivirus, it fools you into thinking it's an antivirus software application that caught some spyware on your system and wants you to download the solution.

It had me till the download part. I thought, "that looks weird," called my IT guy, and he said I dodged a bullet by not downloading. If I had, it would've opened up a path for all sorts of malware, porn, and other crap to get into my computer.

So this is a little friendly warning in case any of you come across it. I got hit with it while surfing the web looking for information for a story.

My IT department provided the definition of the threat below.

Description: Xpantivirus is a rogue security tool, a program that claims to detect and remove or disable spyware, viruses, or other Internet threats. However, its capabilities are limited, and the tool may actually function as spyware or adware. This rogue anti-spyware tool often tricks users into purchasing. Trojan horse programs may force installs of Xpantivirus or make the application difficult to remove. It can be distributed through exploits, particularly the Vcodec vendor, which tricks users with Windows Media Player codecs and forces an install.

Vendor: Xpantivirus.com

Threat level: medium risk

Xpantivirus characteristics: displays ads; hijacks internet browser; downloads unsolicited files; exploits a security flaw; distributes threats; installs without user consent; and makes fraudulent claims about spyware detection and removal.

Keep your eyes open.
 
Comments:
Yeah, it's easy to avoid viruses.

Most require you to run/download them; don't run them and they can't hurt you.

Worms, on the other hand, are automatic; however, the router on most broadband connections hides your internal IP and makes you safe from these.

Spybot Search and Destroy's "TeaTimer" registry monitor is all you'll ever need. No anti-virus software, no firewall, just a router and that regmon prog.

-Ben
 
A great place I found - very popular and legally compliant as kind of a "clearing house" for bad products such as these:

Title: The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites
Description: Bad, False, Fake products
URL: http://www.spywarewarrior.com/rogue_anti-spyware.htm

Many of these rogue fake products began with the WMF metafile zero-day exploit in Windows a couple of years ago. Sometimes called "ransomware" because they demand payment to "get rid" of the fake installation.
gerald philly pa usa:
webmaster bluecolarpc.net
 