Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Phony Adware Scanner Downloads Bogus Antivirus

Security researchers at Sophos are tracking down certain fresh changes to the now long-time known idea of presenting fake antivirus software, which infect people's computers.

To begin with, the researchers indicated via an online posting that they had found certain rogue adware scanner known as 'Anti-Adware Online Scanner,' which tried to dupe end-users into going to its distribution websites where a Trojan would get downloaded and installed on their systems.

The Sophos experts state that on accessing the Anti-Adware Scanner website, a JavaScript embedded inside its page gets executed, resulting in the display of a false bar that shows a so-called scan progress on the victim's PC.

Some time later, an alert message pops up that falsely tells the user that several viruses and spyware have infected his system. It then produces a web-link, which if the victim clicks would start downloading a file called Setup.exe. People, who become convinced of this trick, encounter a Trojan called Troj.FakeAV-ABD, the researchers inform.

A particularly interesting fact about the website is that it changes language and interface, based on the IP address of the user.

Moreover, in majority of the instances, the researchers state that the new phony scanner uses several similar components found in earlier fake AV programs. The techniques it combines render the fresh variation of old idea like the dynamic style with which it makes its introduction.

Meanwhile, Sophos researchers also outlined that they had spotted another phony AV Trojan, which is also designed to download an information sniffer dubbed "Troj/Sniffer-R" on end-users' computers. The Trojan characteristically stole login credentials of users so that it could invade FTP systems. Thereafter, it seized the host's user-ID and password linked to an outgoing FTP connection and examined for the validity of the user-ID and password via the parsing of inbound web traffic related to the login efficacy condition code, the experts noted.

Hence, while users have been advised to do the utmost for self-defense, it's even more vital that website administrators should install patches on their servers and keep them up-to-date.

Related article: PM’s Official Web Site Targeted By Hackers

» SPAMfighter News - 13-10-2009

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next