Tuesday, April 15, 2008
Xpantivirus attacks
Posted by John McHale
I got hit yesterday with a virus my IT guy hadn't seen before. Called the Xpantivirus, it fools you into thinking it's an antivirus software application that caught some spyware on your system and wants you to download the solution.
It had me till the download part. I thought that looks weird, called my IT guy and he said I dodged a bullet by not downloading. If I had it would've opened up a path for all sorts of malware, porn, and other crap to get into my computer.
So this is a little friendly warning in case any of you come across it. I got hit with it while surfing the web looking for information for a story.
My IT department provided the definition of the threat below.
Description: Xpantivirus is a rogue security tool, a program that claims to detect and remove or disable spyware, viruses, or other Internet threats. However, its capabilities are limited, and the tool may actually function as spyware or adware. This rogue anti-spyware tool often tricks users into purchasing. Trojan horse programs may force installs of Xpantivirus or make the application difficult to remove. It can be distributed through exploits particularly, the Vcodec vendor, which tricks user with Windows Media player codecs and forces an install.
Vendor: Xpantivirus.com
Threat level: medium risk
Xpantivirus characteristics: displays ads; hijacks internet browser; downloads unsolicited files; exploits a security flaw; distributes threats; installs without user consent; and makes fraudulent claims about spyware detection and removal.
Keep your eyes open.
¶ 4/15/2008 08:48:00 AM I got hit yesterday with a virus my IT guy hadn't seen before. Called the Xpantivirus, it fools you into thinking it's an antivirus software application that caught some spyware on your system and wants you to download the solution.
It had me till the download part. I thought that looks weird, called my IT guy and he said I dodged a bullet by not downloading. If I had it would've opened up a path for all sorts of malware, porn, and other crap to get into my computer.
So this is a little friendly warning in case any of you come across it. I got hit with it while surfing the web looking for information for a story.
My IT department provided the definition of the threat below.
Description: Xpantivirus is a rogue security tool, a program that claims to detect and remove or disable spyware, viruses, or other Internet threats. However, its capabilities are limited, and the tool may actually function as spyware or adware. This rogue anti-spyware tool often tricks users into purchasing. Trojan horse programs may force installs of Xpantivirus or make the application difficult to remove. It can be distributed through exploits particularly, the Vcodec vendor, which tricks user with Windows Media player codecs and forces an install.
Vendor: Xpantivirus.com
Threat level: medium risk
Xpantivirus characteristics: displays ads; hijacks internet browser; downloads unsolicited files; exploits a security flaw; distributes threats; installs without user consent; and makes fraudulent claims about spyware detection and removal.
Keep your eyes open.
Comments:
<< Home
Yeah it's easy to avoid virus.
Most require you to run/download them, don't run them and they can't hurt you.
Worms on the other hand are automatic, however the router on most broadband connections hides your internal IP and makes you safe from these.
Spy Bot Search and Destroy "teatimer" registry monitor is all you'll ever need. No anti-virus software, no firewall, just a router and that regmon prog.
-Ben
Most require you to run/download them, don't run them and they can't hurt you.
Worms on the other hand are automatic, however the router on most broadband connections hides your internal IP and makes you safe from these.
Spy Bot Search and Destroy "teatimer" registry monitor is all you'll ever need. No anti-virus software, no firewall, just a router and that regmon prog.
-Ben
A great place I found - very popular and legally compliant as kind of a "clearing house" for bad products as these:
Title: The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites
Description: Bad, False, Fake products
URL: http://www.spywarewarrior.com/rogue_anti-spyware.htm
Much of these rogue fake products began in the WMF metafile zero day exploit in Windows a couple years ago. Sometimes called "ransomware" because they demand payment to "get rid" of the fake installation.
gerald philly pa usa:
webmaster bluecolarpc.net
Post a Comment
Title: The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites
Description: Bad, False, Fake products
URL: http://www.spywarewarrior.com/rogue_anti-spyware.htm
Much of these rogue fake products began in the WMF metafile zero day exploit in Windows a couple years ago. Sometimes called "ransomware" because they demand payment to "get rid" of the fake installation.
gerald philly pa usa:
webmaster bluecolarpc.net
Subscribe to Post Comments [Atom]
<< Home
