Phony Adware Scanner Downloads Bogus Antivirus

Security researchers at Sophos are tracking down certain fresh changes to the now long-time known idea of presenting fake antivirus software, which infect people's computers.

To begin with, the researchers indicated via an online posting that they had found certain rogue adware scanner known as 'Anti-Adware Online Scanner,' which tried to dupe end-users into going to its distribution websites where a Trojan would get downloaded and installed on their systems.

The Sophos experts state that on accessing the Anti-Adware Scanner website, a JavaScript embedded inside its page gets executed, resulting in the display of a false bar that shows a so-called scan progress on the victim's PC.

Some time later, an alert message pops up that falsely tells the user that several viruses and spyware have infected his system. It then produces a web-link, which if the victim clicks would start downloading a file called Setup.exe. People, who become convinced of this trick, encounter a Trojan called Troj.FakeAV-ABD, the researchers inform.

A particularly interesting fact about the website is that it changes language and interface, based on the IP address of the user.

Moreover, in majority of the instances, the researchers state that the new phony scanner uses several similar components found in earlier fake AV programs. The techniques it combines render the fresh variation of old idea like the dynamic style with which it makes its introduction.

Meanwhile, Sophos researchers also outlined that they had spotted another phony AV Trojan, which is also designed to download an information sniffer dubbed "Troj/Sniffer-R" on end-users' computers. The Trojan characteristically stole login credentials of users so that it could invade FTP systems. Thereafter, it seized the host's user-ID and password linked to an outgoing FTP connection and examined for the validity of the user-ID and password via the parsing of inbound web traffic related to the login efficacy condition code, the experts noted.

Hence, while users have been advised to do the utmost for self-defense, it's even more vital that website administrators should install patches on their servers and keep them up-to-date.

Related article: PM’s Official Web Site Targeted By Hackers

» SPAMfighter News - 13-10-2009

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial