New twist as rogue antivirus enters death throes

A rogue anti-virus program called Defru has taken to the browser to find a smarter way of infecting users, Microsoft researchers say. The Defru malware blocks users from visiting certain websites and instead displays warnings about fake threats while the correct, intended web address is still displayed. Most victims …

  1. Richard Boyce

    Spelling

    "You're", not "your". Someone should be catching these errors before publication.

    1. Eugene Crosser

      Re: Spelling

      I guess it was (semi?)deliberate. But I wish they hadn't done it. It's pain enough to see in reddit comments.

  2. gregthecanuck

    So we are being told we need an anti-virus anti-virus?

  3. Jock in a Frock

    @gregthecanuck

    No, this article is already out of date. Now you need anti-virus anti-virus anti-virus.

  4. Refugee from Windows

    Still doing the rounds

    I remember these, I had one years ago. It showed all these nasties resident in my C: drive which was pretty awesome, considering the machine was running something with ext3 as the file system. Just a browser animation it seems.

    1. AlbertH

      Re: Still doing the rounds

      Some of the fakes are quite convincing these days. There's fake McAfee, AVG and Avira - install any of these free "anti-virus" efforts, and the machine is effectively trashed. One of them was particularly malicious and corrupted the machine's BIOS once it had spread further - this was obviously designed to trash a company's computers, but got into the wild!

      The only real cure to this virus nonsense is to run (almost) anything other than Windoze, and make sure that you're running as a "normal" user. As ever more people leave the M$ malware for proper Operating Systems, the prevalence of these viruses will reduce.....

      1. Anonymous Coward

        Re: Still doing the rounds

        You did just make that lot up, right???

  5. Primus Secundus Tertius

    Be a pleb

    It is much harder to corrupt the hosts file if you are running as an unprivileged user.

    There again, if you need admin privilege to run a poorly-written work application, perhaps you should not surf during work time.

    1. Stuart 22

      Re: Be a pleb

      "It is much harder to corrupt the hosts file if you are running as an unprivileged user"

      The default on most Linux distributions? Why would you do it any different for end user installations home or away?

      Just askin'

      1. Primus Secundus Tertius

        Re: Be a pleb

        I was, of course, referring to the vast majority of installations (including my own) which run Windows. I am typing this as a pleb user on my own machine set up by me. Some of my relatives have been caught by viruses because they were running as administrator.

        XP was notorious for in-house applications that were sloppily written and would not run properly except as administrator.

  6. Anonymous Coward

    Most victims are based in Russia

    From now on, by the presidential decree of gaspadin Putin, such Western scumware is banned in Russia! Problem solved!

  7. VinceH

    "Defru has a different and simpler approach ... it prevents the user from using the internet by showing a fake scan when using different websites."

    And the malware displays a message saying:

    "Detected on your computer malicious software that blocks access to certain Internet resources, in order to protect your authentication data from intruders the defender system Windows Security was forced to intervene."

    So up until the comma, the malware is actually telling the truth - it's just referring to itself.

    1. lglethal Silver badge

      What's that old saying

      A good lie contains at least half truth...
