  1. #1

    flyinghaggis

    XP Antivirus Malware - More convincing than the real thing!

    Kind of an interesting study into social engineering!

    Anatomy of a malware scam | The Register

    Can't believe they went to the trouble of creating a fake Windows security centre dialogue, online help and Terms and Conditions! Malware authors are getting way too crafty these days.

  2. #2

    Geoff
    Ooo I hate this one. It's turning up a lot on the infested machines I fix.

  3. #3

    dhicks
    Quote, originally posted by flyinghaggis:
    Kind of an interesting study into social engineering!
    See also:

    Coding Horror: The Perils of FUI: Fake User Interface

    --
    David Hicks

  4. #4

    Dos_Box
    I have just answered a question for my Helpline column on this. There is a more nefarious variant which keeps coming back from the dead too.

  5. #5
    originofsymmetry
    Just got rid of that this morning on an XP machine - have to give credit where credit's due though.

  6. #6
    bizzel
    Parents currently have this on their machine which Kaspersky missed totally. Even on VirusTotal only 2 pieces of software pick it up.

  7. #7

    MK-2
    I had a user with one Wednesday which set the background on her PC as a bitmap which looked like a popup box, and then put a notice in the taskbar saying Windows antivirus had detected a virus etc. etc., click here to download and clean. It disabled all antivirus software, it stopped you changing the background. It also installed the Microsoft blue screen screensaver so after 5 mins, it looks like your PC blue screens, obviously because it's infected!
    It then put files everywhere that recreated any deleted ones.
    Took me half a day to get rid of. And to top it off, once I removed part of it, Windows needed activation again, and wouldn't activate online so I had to do it by phone.
    As said previously, credit on the amount of work going in to them, but off from my machines.

  8. #8

    RabbieBurns
    I've got a laptop the now that I can't figure out what is screwing with it. In Safe Mode it found the various usual spyware crap but nothing too serious. A Safe Mode scan with NOD32 and Symantec didn't find anything. Booting to normal mode, the machine just locks up. I've disabled all startup programs, all non-critical services, etc. There's nothing in the event log out of the ordinary. I just can't figure out what's causing it to lock up. I can't even get Taskman to work to see if there's something maxing at 100%. Stumped.

  9. #9

    Domino
    I found a fix.....

    Apple - Mac OS X Leopard

  10. Thanks to Domino from:

    petroz (30th August 2008)

  11. #10
    ahuxham
    You'd hope people would actually think before clicking, for a start in the image (in the article).

    1.) It's clearly an image load, as the corners are rounded yet the ajax/js code isn't making it look round.
    2.) Different colour theme, Windows XP Default Theme popup, on a Windows Vista Aero Theme.

    Some things are obvious; then again, the majority of people just don't notice.

  12. #11

    MK-2
    Quote, originally posted by ahuxham:
    You'd hope people would actually think before clicking, for a start in the image (in the article).

    1.) It's clearly an image load, as the corners are rounded yet the ajax/js code isn't making it look round.
    2.) Different colour theme, Windows XP Default Theme popup, on a Windows Vista Aero Theme.

    Some things are obvious; then again, the majority of people just don't notice.
    Also, although it takes a little more searching, spelling is sometimes off.
    For the one I had to fix, Windows AntiSpyware was going to 'pertect' my machine when I ran the link. It was also advisable to 'downlaod' this to keep my machine safe.

    Rabbie: If you can get in the registry, try looking in local machine at:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    under Userinit. I know some spyware now puts something in there so it autoloads.
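
The Userinit check suggested above, as an added PowerShell example that is not part of the original post: it splits the value into its comma-separated entries and flags anything other than the stock `userinit.exe`. `Test-UserinitValue` is a hypothetical helper name, and the sample values are constructed for illustration.

```powershell
# Added example (not from the thread): audit the Winlogon Userinit value.
# Test-UserinitValue is a hypothetical helper name.
function Test-UserinitValue {
    param(
        [Parameter(Mandatory = $true)][AllowEmptyString()][string]$Value,
        [string]$SystemRoot = $env:SystemRoot
    )
    # Stock value is "<SystemRoot>\system32\userinit.exe," (trailing comma).
    $expected = "$SystemRoot\system32\userinit.exe"
    # Userinit is a comma-separated list; Winlogon starts every entry at logon.
    $entries = @($Value.Split(',') |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -ne '' })
    # -ieq / -ine compare case-insensitively, as Windows paths do.
    # Relative or oddly written paths are reported too, for manual review.
    $unexpected = @($entries | Where-Object { $_ -ine $expected })
    $hasStock   = @($entries | Where-Object { $_ -ieq $expected }).Count -gt 0
    [pscustomobject]@{
        Entries           = $entries
        Unexpected        = $unexpected
        StockEntryPresent = $hasStock
        Suspicious        = ($unexpected.Count -gt 0) -or (-not $hasStock)
    }
}

# Constructed sample values (not taken from any real machine).
$clean    = 'C:\Windows\system32\userinit.exe,'
$tampered = 'C:\WINDOWS\system32\userinit.exe,C:\Users\Public\example-extra.exe,'
Test-UserinitValue -Value $clean    -SystemRoot 'C:\Windows'   # Suspicious: False
Test-UserinitValue -Value $tampered -SystemRoot 'C:\Windows'   # Suspicious: True

# Live check of the local machine's value.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$live = (Get-ItemProperty -Path $key -Name Userinit).Userinit
Test-UserinitValue -Value $live | Format-List
```

An entry listed under `Unexpected` is a lead for review, not a verdict; check the file it points at before changing the value.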

  13. #12

    RabbieBurns
    Cheers mk2, I'll give that a shot at some point over the weekend.

  14. #13
    mark
    Would like to know of effective removal methods. Currently we use system restore.

  15. #14
    djdohboy
    Hi guys,

    I part time help out the old school network manager in his new job of home PC repair,

    this is brilliant!!!!! Malwarebytes

    Will deal with Windows antivirus completely, it's free and you only need to do the smart scan, plus it has a remove on reboot function.

    Very very useful!!!!


  16. #15
    tarquel
    Like Geoff... been seeing this one a lot more quite recently. Not hard to fix though.

    Basic rule of thumb everyone [home users] should have... if you or another family member didn't knowingly install it, then it's spyware of some sort hehe

    Nath.


