Yesterday, the good folks at BleepingComputer posted removal instructions for a rogue antivirus (please see, Internet Plague - Rogue Antivirus) that is demonstrating a new behavior...
Quote: "Anti-virus-1 is a new rogue anti-spyware program from the same family as Antivirus 2010 and Antivirus 360. This program is promoted primarily through two methods. The first is through the use of advertisements that pretend to be online anti-malware scanners. These advertisements go through what appears to be a scan of your machine and then when finished, state that your computer is infected and that you should download Anti-virus-1 to protect yourself.
Remember, though, that this is just an advertisement and it has no way of knowing what is running on your computer. The second method that is used to promote this rogue is through the use of Trojans. When certain Trojans are installed on your computer they will display security alerts stating that your computer is infected or that you have some other security risk. When you click on these alerts, it will download and install Anti-virus-1 onto your computer..."
But that is not the new part, the new behavior adds entries to your HOSTS file so that if you go to any of a number of technology sites, including pcmag.com, you are instead brought to their site and are shown the malware author's content. This content includes a doctored PCMag review of their fake anti-malware product.
For more on the story, click here.
And for removal instructions, click here.
Share this post : |
No comments:
Post a Comment