New Fake Antivirus Prevents Access to Popular Websites

According to the security company 'Webroot,' malware writers in a new trick are editing the network settings of Windows operating system so that users could not visit certain popular websites.

Andrew Brandt, malware Researcher at Webroot, states that the payload changes the LSP (Layered Service Provider) so that requests for particular websites pass through the malware. Subsequently, the malware shows a bogus 'alert' in the Web-browser instead of the requested website whose access is blocked, he explains, as reported by REVIEWS on January 26, 2010.

Referring to the blocked site, the 'alert' states that based on the user's security preferences, the website has been restricted. It states that the user's system has been infected by malware; therefore, he should 'activate' his antivirus application.

The malware payload is accompanied by a fake 'antivirus' program - Internet Security 2010. The security investigators have said that the fake AV represents a widely found and an especially annoying type of malicious software that gives false warnings of viruses and malware infection on the user's computer.

These fake programs, which normally get transmitted through drive-by downloads, are created in such a way that they appear as genuine anti-malware products. Indeed, the actual threat is 'AV' program itself.

Furthermore, new variants of fake AV programs come with much more computer-crippling and annoying features that give unauthorized users total control over the actual user's system. These unauthorized users then lock applications from starting or prevent the computer from going into 'safe mode.' Subsequently, it becomes difficult to remove the malware though not unfeasible.

The latest attack has reportedly targeted over 40 websites like Microsoft's live.com; social-networking sites like MySpace, Facebook, LinkedIn, Twitter and Bebo; search engine like Bing; news sites like BBC and Guardian; other news organizations like The Washington Post, the New York Times and Fox News; and YouTube to name some.

It is not enough to remove the payload implanted in the LSP because even after the removal of payload the PC is unable to connect online. Therefore, the security experts recommend that users should deploy high-quality and updated anti-virus software.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 2/2/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Press Releases - IT Security News

Go back to previous page
Next
-->

Products

SPAMfighter
SLOW-PCfighter
FULL-DISKfighter
DRIVERfighter
VIRUSfighter
SPYWAREfighter
Anti spam / Anti virus business solutions

About

Company
Contact us
Press room
Support
Blog
Sign up for newsletters

Partnerships

Become a partner
Become a reseller
Find a reseller
Become an affiliate
White Label Software

Social media

Facebook
Twitter
Youtube
LinkedIn
© SPAMfighter 2003-2025    All rights reserved.    Privacy Statement    Sitemap