Archive | Malware News

FTC Finally Going After Rogue Makers

Per Sunbelt Software -

At the request of the Federal Trade Commission, a U.S. district court has issued a temporary halt to a massive “scareware” scheme, which falsely claimed that scans had detected viruses, spyware, and illegal pornography on consumers’ computers. According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of those responsible for the scheme, to preserve the possibility of providing consumers with monetary redress.

According to the FTC’s complaint, the defendants used an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements. The defendants falsely claimed that they were placing Internet advertisements on behalf of legitimate companies and organizations. But due to hidden programming code that the defendants inserted into the advertisements, consumers who visited Web sites where these ads were placed did not receive them. Instead, consumers received exploitive advertisements that took them to one of the defendants’ Web sites. These sites would then claim to scan the consumers’ computers for security and privacy issues. The “scans” would find a host of purported problems with the consumers’ computers and urge them to buy the defendants’ computer security products for $39.95 or more. However, the scans were entirely false.

According to the complaint, the two companies charged in the case – Innovative Marketing, Inc. and ByteHosting Internet Services, LLC – operate using a variety of aliases and maintain offices in various countries. Innovative Marketing is a company incorporated in Belize that maintains offices in Kiev, Ukraine. ByteHosting Internet Services is based in Cincinnati, Ohio.

Ha Ha :P …bout time.  Where there are affiliates and money there are accounts that can be found and frozen…lol!!!

Here is the official FTC complaint


Rogue Antivirus: How They Work and How to Remove Them

Rogue Anti-Virus applications are being produced in ever-increasing numbers each week now. Why? This is a scam that works big time! Rogue Anti-Virus scams are able to steal money, credit card numbers and sometimes entire identities. Below you can see the life cycle of a Rogue Anti-Virus scam.

1. You get infected with a Trojan like Virtumonde (via an outdated Java Runtime Environment).
2. The Virtumonde Trojan displays fake system alerts (in the form of system balloon popups), uses popunders and search redirection in your browser in an effort to convince you that your PC is infected and can only be cleaned with “special anti-virus software”.
3. At this point the user is in a panic and proceeds to purchase the rogue anti-virus.
4. Now the really bad part starts. The poor PC user just paid $30-$90 AND gave their identity with valid credit card info to an international ring of thieves.
5. Next, the rogue anti-virus gets installed, run and then... does nothing. Our user just got duped.
6. Now, the user must hire a consultant (like myself) to clean the rogue anti-virus and all the other infections associated with it.

I see so many clients with Rogue Anti-Virus infections each week. Typically, about 1 out of 7 of my clients will purchase the Rogue Anti-Virus application and then they usually see numerous credit card charges about 3 weeks later (that’s before I get there). I usually instruct clients to cancel the credit card they used to purchase the Rogue Anti-virus and purchase some identity protection (for a year at least).

Thankfully, removing Rogue Anti-Virus is really pretty easy; however, the Trojans that downloaded and installed the Rogue Anti-Virus are sometimes very difficult to remove. There are 2 methods I use to remove Rogue Anti-Virus. One method is free and the other costs about 40 dollars.

Method 1 – The free, but a bit difficult method

The best part about this method is that it’s free. It targets the Rogue Anti-Virus and the other malware associated with it. You’ll need 4 applications.

1. AVG Anti-Virus Free V8

2. SuperAntiSpyware

3. MalwareBytes’ Anti-Malware

4. Spybot Search and Destroy

First, uninstall your current anti-virus since it’s not doing the job anyway. We will be installing a new anti-virus (AVG Anti-Virus Version 8) which you can start doing right now. After AVG 8 is installed and updated please go ahead and install the remaining 3 applications. Be sure to update each application after you install it (each application has an update menu or button).

Reboot your PC in safe mode (by tapping F8 during your PC’s startup). Once in safe mode, perform full scans with the 4 applications above (in that order). Quarantine anything considered an infection. Reboot. Your Rogue Anti-Virus has probably been removed along with the Trojans that downloaded it. If you’re using IE7 or IE8, make sure you perform a reset on the browser as well.
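Before and after the scans above it helps to know what is actually installed and what starts with Windows. The following read-only PowerShell triage script is an added example, not part of the original post or of any of the tools it names: it checks that the box really was booted into Safe Mode, looks through the Add/Remove Programs registry keys for the rogue product names listed in the FTC complaint above (WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, XP Antivirus), and prints the classic Run/RunOnce autostart entries for manual review. The product-name list and the matching-by-substring rule are assumptions for illustration; the script changes nothing on the system.

```powershell
# Added triage example (not from the original post): read-only checks to run
# before the scans and again afterwards to confirm the rogue entries are gone.

# Product names taken from the FTC complaint quoted above; extend as needed.
$RogueNames = @('WinFixer', 'WinAntivirus', 'DriveCleaner', 'ErrorSafe', 'XP Antivirus')

# 32-bit, 64-bit (Wow6432Node) and per-user Uninstall hives. Missing keys are skipped.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledPrograms {
    # Enumerates every Add/Remove Programs entry that has a DisplayName.
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName) {
                [pscustomobject]@{
                    DisplayName     = $p.DisplayName
                    InstallLocation = $p.InstallLocation
                    UninstallString = $p.UninstallString
                    RegistryKey     = $_.PSPath
                }
            }
        }
    }
}

function Find-RogueProducts {
    param([string[]]$Names = $RogueNames)
    # Case-insensitive substring match on DisplayName: the same scam family
    # often ships under slight variations of one brand name (assumption).
    Get-InstalledPrograms | Where-Object {
        $dn = $_.DisplayName
        $Names | Where-Object { $dn -like "*$_*" }
    }
}

function Get-AutostartEntries {
    # Classic autostart locations a Trojan dropper uses to survive a reboot.
    # Listed for review only; nothing is removed here.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        foreach ($name in $props.PSObject.Properties.Name) {
            # Skip the PSPath/PSParentPath/... bookkeeping properties.
            if ($name -notlike 'PS*') {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $props.$name }
            }
        }
    }
}

function Test-SafeMode {
    # Windows sets SAFEBOOT_OPTION (Minimal or Network) only when booted via F8 Safe Mode.
    return -not [string]::IsNullOrEmpty($env:SAFEBOOT_OPTION)
}

if (Test-SafeMode) { Write-Host 'Booted in Safe Mode: OK to run the full scans.' }
else { Write-Warning 'Not in Safe Mode; reboot and tap F8 before scanning.' }

$rogues = Find-RogueProducts
if ($rogues) {
    Write-Warning 'Known rogue AV product names found in Add/Remove Programs:'
    $rogues | Format-Table DisplayName, InstallLocation, RegistryKey -AutoSize
} else {
    Write-Host 'No known rogue AV product names found in Add/Remove Programs.'
}

Write-Host "`nAutostart entries to review (look for the rogue's install folder or random names):"
Get-AutostartEntries | Format-Table Key, Name, Command -AutoSize
```

Run it once before the safe-mode scans to record what is present, and once more after the final reboot: the rogue product should be gone from the Uninstall keys and any Run entry pointing at its install folder should have been quarantined. Any unfamiliar autostart entry that survives is the place to start looking for the Trojan that dropped the rogue in the first place.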

Method 2 – The easy method, but it’s not free

Download Spyware Doctor with Anti-virus. Uninstall your old anti-virus. Install Spyware Doctor with Anti-virus and register it. Click yes to enable the OnAccess Guard and then click Smart Update. Download and install all the updates. Run a Full Scan and then fix everything the scan finds. Reboot. Your Rogue Anti-Virus has probably been removed along with the Trojans that downloaded it. If you’re using IE7 or IE8, make sure you perform a reset on the browser as well.

Final Malware Clean Up Notes

If you have system menus that are missing or inaccessible ComboFix does a really good job at restoring those. Download ComboFix. Disable Spyware Doctor or AVG. Run ComboFix. Let ComboFix reboot your PC. Re-enable your anti-virus.

At this point you should be malware free.
