New fake anti-virus shakes down frightened file-sharers

Security researchers have discovered a strain of fake anti-virus software that tries to intimidate supposed file-sharers into paying for worthless software. SFX Fake AV, first detected by freebie antivirus scanner firm Malwarebytes, blends the features of scareware with those more associated with …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

It seriously worries me that these scams keep reappearing. It means that someone, somewhere is making it profitable to continue making them.

These people broke into your computers. Don't pay them. Nobody serves legal notice by instant messaging or little pop-up windows (unless it's from some court that's exhausted EVERY possible way of contacting you, including going via your ISP, and then - does that SOUND like a lawyer to you?). They've popped up a window on your screen against your will after gaining entry to a private PC - just how "helpful" do you think they are trying to be by inciting you to "cover up" your torrents and asking money to do so?

I don't find the existence of viruses surprising - never have, even since the DOS days. Some people just find it a good prank to delete your hard drive or email everyone you know anyway, and some just wrote programs to do just that. I do find their *continued* existence quite annoying, though. Just who exactly is making it profitable to take the risk of creating something like that that may be traced back to you (even if by accident - say, your code takes out a hospital or something equally important, and someone comes looking for you)?

And, for years, viruses have tried to kill programs that might fix them. Several of them kill regedit when detected, for example, because it's quite good at cleaning out Run entries and file associations, not to mention the thousands that kill things like debuggers, antivirus, etc. There's nothing "new" here. People are stupid. That's not new.

So much for modern Windows letting you "keep control" of things like this. Seriously, why does no modern OS STOP programs doing things like killing other, completely unrelated, processes?

0
1
Silver badge

Uh, please ?

If a COURT wants to talk to you, you'll find a police officer (or three) at your door and the court WILL talk to you.

The Court doesn't need to waste time fiddling with popup messages on a PC.

1
1
Silver badge

I added that disclaimer because UK courts HAVE served notice via Facebook and Twitter when there has been no other possible way to contact the people involved.

And I knew some smartarse would point it out if I didn't. But, basically, those people were *TRYING* to hide from the courts so they were almost uncontactable by normal means.

0
0
Silver badge

hmm

I don't think these are aimed at computer literate people. Maybe little johnny was looking at websites he shouldn't have, saw the AV popup, clicked "Scan" (install) since little johnny has admin access (only one account on the home PC) then the virus installs happily and little johnny leaves the PC to mum to sort out.

Probably easily done. I've been called out by the F-in-Law to one of the older typical fake AV scarewares he had accidentally installed. He had "installed" it from a biking forum tainted advert - nothing seedy at all.

1
0
Joke

Re: hmm

I thought 'biking' was seeing how many men can have sex with the same woman in one night.

0
0
Silver badge

Hey, at least I'm a SMARTarse ! :)

0
0

Given ...

... the success of religion and politics over the centuries, why are you surprised that people are so easily and repeatedly duped? No flame, just asking.

7
3

Ways to contact

Have you heard about the "you've won tickets to a [TEAMNAME] game!" that some law enforcement agencies have pulled in the US? They've tracked down a lot of crims and deadbeat dads, though unfortunately the crims and deadbeats seem to have caught on by now. Brilliant idea, though, and it worked a treat.

1
0


Silver badge

@Lee Dowling

"I added that disclaimer because UK courts HAVE served notice via Facebook and Twitter when there has been no other possible way to contact the people involved."

OK ... I'm not saying this hasn't happened. I honestly don't know. But, how can the court tell that the twit or farce was actually observed by the intended markperp? Serious question. For example, there are seven people other than myself who could easily access this laptop here in my home office on any given day. In all reality, nobody but the wife ever comes up here ... but there is nothing stopping them.

0
1

Hmm

Wondering if trying to get money out of people who don't want to actually pay for legitimate movies/games in the first place is the best target.

As usual, this type of scam best benefits small indy computer repair shops and IT savvy friends who can get a decent income in removing these types of malware.

5
0
Silver badge

Re: Hmm

" As usual, this type of scam best benefits small indy computer repair shops and IT savvy friends who can get a decent income in removing these types of malware."

In the case of my friends (and family) that IT savvy guy is me - except there's no decent income from doing it, because I don't usually charge them.

However, I have decided to change that - if they have to pay for my time then maybe, just maybe, they'll learn to be more careful in future.

One exception: I was offered payment once: an ex-colleague rang me when his laptop had an infection. He said he was near my place, and could drop it in to fix it, and said he'd give me a tenner for my time, describing it as 'a nice cash in the hand job' - what a crying shame I was out, then, because I'm always looking to undervalue my time by such a ridiculous amount (not charging at all notwithstanding)

3
0
Silver badge

Re: Hmm

Christmas is a good time for doing IT jobs. I had LOADS of wine and choccys at christmas. They made excellent pressies, but yes the time involved does suck.

0
0
Silver badge
Stop

" ... the use of Dropbox as a delivery mechanism ..."

This Dropbox reference was thrown in right at the end, with no explanation.

Do you get an e-mail from the bad guys with a link to their malware laden Dropbox public folder? Do Dropbox themselves install the virus the next time Dropbox has an auto-update?

A bit more explanation would be nice.

3
0
Silver badge

Re: " ... the use of Dropbox as a delivery mechanism ..."

I wondered that. Perhaps it specifically looks for shared Dropbox folders and attaches itself to stuff in there?

0
0
Silver badge
Windows

Regedit

has made my keyboard sticky.

IT support says my PC needs a wipe.

1
0

Any more on the delivery mechanism?

The almost throw-away mention of DropBox as a delivery mechanism is slightly worrying.

Any more about how and how to mitigate against it?

0
0
Silver badge
Trollface

Re: Any more on the delivery mechanism?

Don't use Dropbox?

0
0
Silver badge
Devil

Re: Any more on the delivery mechanism?

My guess would be that it takes a quick look through an infected system and drops itself into a Dropbox folder, getting itself automatically spread to everyone sharing that folder.

Going via email or browser relies on either unpatched holes or user error, while Dropbox will spread it by design.

0
0
Joke

A porn tool?

Ah, so that's why it completely f**ks your pc if you're not careful.

2
0
FAIL

Is this a tech site?

This article would be at home in a red top daily.

There is nothing about the delivery other than that it is something to do with dropbox. Is there an issue with dropbox i need to know about? some kind of execution and elevation issue?

how does one become infected? and most importantly how do you remove it?

do your homework and come back when you have a proper article.

1
2
Anonymous Coward

Re: Is this a tech site?

"This article would be at home in a red top daily."

Um... You did look at the top of the page, didn't you?

6
0
Anonymous Coward

Re: Is this a tech site?

Well, it used to be some years ago. Now it seems to progressively dumb down every year, so now we have so called tech articles explaining what DNS means plus the always abysmal hardware reviews. So no it isn't.

1
2
Paris Hilton

Re: Is this a tech site?

This place is a tech news site, it's just one you can make sense of while hungover and likes to get its Paris out for the lads!

0
0
Anonymous Coward

Re: Is this a tech site? @Nigel 15

Are you too stupid and lazy to look into how to remove it yourself? It's a news site*, not school, genius. And people who don't capitalise sentences are hardly in a position to criticise others' writing.

*For the other arses who whinge about how they already knew something; that just means something's not news to *you*. Difficult concept, I know ...

0
0
Anonymous Coward

Funny how these fake A/V trojans keep popping up, and the only software at that time able to detect and get rid of them is Malwarebytes......Almost as if they have a crystal ball or inside knowledge of what's coming.

0
0
Happy

Malwarebytes

Maybe Malwarebytes is just very good at what it does (it is!) and the people behind it are very good at what they do (they are!)

And it's free!

0
0
Facepalm

"Emerging Trend" == "Happened for years." Absolutely nothing new here.

"SFX Fake AV is morphing at a relatively fast rate, so it is something that signature-based vendors will have to watch out for as there will be an increasing number of variants in the wild."

This includes your signature-based Malwarebytes, right? So your own product can't save us. And you're only realizing this twenty years after the fact?!

"Also, the use of [s/Dropbox/some other public system] as a delivery mechanism is a something that the industry is going to have to take into account and protect against, as it is an emerging trend."

Wasn't this done in IRC twenty years ago? Is using Dropbox the emerging trend, or is using anything public for a delivery mechanism the emerging trend? So are we to ban Dropbox at the firewall, now? Or do we finally take before-the-fact measures?

Once again, I ask: Why am I not affected? Why are my clients, co-workers, and so on not affected? The answer may surprise you.

There is nothing new, here. Absolutely nothing. And there's nothing new in preventing this, either.

0
0

This is funny

Hackers exploiting pirates. Is there no honor amongst criminals?

0
2
Linux

doesn't scare me

I only use P2P to download linux distros!

0
0
Anonymous Coward

Uh oh

Expect a rash of "Terrorism related material has found on your PC" scumbagware very shortly.

AC/DC

0
0
Anonymous Coward

Your arse belong to us

Boo hoo 4 U.

0
1
Bronze badge

One of the problems here being, that techies that got really pissed off with Vista's UAC prompt, spread the myth that you should just disable UAC.

Rather than realising that for the majority of users UAC (even Vista's), should of course NOT be disabled and that techies should have just learned to either temporarily disable it, or just deal with it and further to educate users to study the UAC prompt.

Consequence: the effort that went in to designing new versions of Windows that require acknowledgement before running superuser tasks (like OSX and Linux), was in vain.

A geek who's been re-enabling UAC since 2007

(Oh, and the other favourite. Techies advising people to use their XP downgrade license. Utter FAIL)

1
1
Anonymous Coward

UAC

It would be a lot easier to persuade people of the "myth" if UAC wasn't so very, very, very irritating. Is it really, really necessary to ask the "do you want...blah blah" question every single time you want to start a program? I would have thought with all their resources MS could have done better than something that makes the screeching of nails on a blackboard look fun.

1
0
Anonymous Coward

Re: UAC

Wasn't UAC, pay your M$ app tax or your customers will be nagged that your program is dodgy?

Take that you open source scumbags!

0
0
Thumb Down

Only the crap b0rken programs.

Is it really, really necessary to ask the "do you want...blah blah" question every single time you want to start a program?

Only the really ancient, or b0rken, or not-designed-for-supported-windows-versions-really programs do this. One could bite the bullet and, instead of paying for crap security products, upgrade the products they actually use.

How come I don't deal with UAC prompts every time I want to do something productive? Yes, I have UAC turned on and I run my applications as a non-admin as a matter of course.

0
0
Go

Weakness in the user revealed

Consequence: the effort that went in to designing new versions of Windows that require acknowledgement before running superuser tasks (like OSX and Linux), was in vain.

I came up with this concept back in 2006: The simplest Vista virus.

0
0
Bronze badge

Yes but Gordon, they tried.

And what you suggest would work just as well on OSX or Linux.

And AC@23.55 the main purpose of UAC was to force legacy software developers to not run in superuserspace.

0
0