New fake anti-virus shakes down frightened file-sharers

Security researchers have discovered a strain of fake anti-virus software that tries to intimidate supposed file-sharers into paying for worthless software. SFX Fake AV, first detected by freebie antivirus scanner firm Malwarebytes, blends the features of scareware with those more associated with …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    It seriously worries me that these scams keep reappearing. It means that someone, somewhere is making it profitable to continue making them.

    These people broke into your computers. Don't pay them. Nobody serves legal notice by instant messaging or little pop-up windows (unless it's from some court that's exhausted EVERY possible way of contacting you, including going via your ISP, and then - does that SOUND like a lawyer to you?). They've popped up a window on your screen against your will after gaining entry to a private PC - just how "helpful" do you think they are trying to be by inciting you to "cover up" your torrents and asking money to do so?

    I don't find the existence of viruses surprising - never have, even since the DOS days. Some people just find it a good prank to delete your hard drive or email everyone you know anyway, and some just wrote programs to do just that. I do find their *continued* existence quite annoying, though. Just who exactly is making it profitable to take the risk of creating something like that that may be traced back to you (even if by accident - say, your code takes out a hospital or something equally important, and someone comes looking for you)?

    And, for years, viruses have tried to kill programs that might fix them. Several of them kill regedit when detected, for example, because it's quite good at cleaning out Run entries and file associations, not to mention the thousands that kill things like debuggers, antivirus, etc. There's nothing "new" here. People are stupid. That's not new.

    So much for modern Windows letting you "keep control" of things like this. Seriously, why does no modern OS STOP programs doing things like killing other, completely unrelated, processes?

    1. Pascal Monett Silver badge

      Uh, please ?

      If a COURT wants to talk to you, you'll find a police officer (or three) at your door and the court WILL talk to you.

      The Court doesn't need to waste time fiddling with popup messages on a PC.

      1. Lee Dowling Silver badge

        I added that disclaimer because UK courts HAVE served notice via Facebook and Twitter when there has been no other possible way to contact the people involved.

        And I knew some smartarse would point it out if I didn't. But, basically, those people were *TRYING* to hide from the courts so they were almost uncontactable by normal means.

        1. Danny 14

          hmm

          I don't think these are aimed at computer literate people. Maybe little johnny was looking at websites he shouldn't have, saw the AV popup, clicked "Scan" (install) since little johnny has admin access (only one account on the home PC) then the virus installs happily and little johnny leaves the PC to mum to sort out.

          Probably easily done. I've been called out by the F-in-Law to one of the older typical fake AV scarewares he had accidentally installed. He had "installed" it from a biking forum tainted advert - nothing seedy at all.

          1. King Jack
            Joke

            Re: hmm

            I thought 'biking' was seeing how many men can have sex with the same woman in one night.

        2. Pascal Monett Silver badge

          Hey, at least I'm a SMARTarse ! :)

        3. Armando 123

          Ways to contact

          Have you heard about the "you've won tickets to a [TEAMNAME] game!" that some law enforcement agencies have pulled in the US? They've tracked down a lot of crims and deadbeat dads, though unfortunately the crims and deadbeats seem to have caught on by now. Brilliant idea, though, and it worked a treat.

        4. This post has been deleted by its author

        5. jake Silver badge

          @Lee Dowling

          "I added that disclaimer because UK courts HAVE served notice via Facebook and Twitter when there has been no other possible way to contact the people involved."

          OK ... I'm not saying this hasn't happened. I honestly don't know. But, how can the court tell that the twit or farce was actually observed by the intended markperp? Serious question. For example, there are seven people other than myself who could easily access this laptop here in my home office on any given day. In all reality, nobody but the wife ever comes up here ... but there is nothing stopping them.

    2. Armando 123

      Given ...

      ... the success of religion and politics over the centuries, why are you surprised that people are so easily and repeatedly duped? No flame, just asking.

  2. Gaz Jay

    Hmm

    Wondering if trying to get money out of people who don't want to actually pay for legitimate movies/games in the first place is the best target.

    As usual, this type of scam best benefits small indy computer repair shops and IT savvy friends who can get a decent income in removing these types of malware.

    1. VinceH

      Re: Hmm

      " As usual, this type of scam best benefits small indy computer repair shops and IT savvy friends who can get a decent income in removing these types of malware."

      In the case of my friends (and family) that IT savvy guy is me - except there's no decent income from doing it, because I don't usually charge them.

      However, I have decided to change that - if they have to pay for my time then maybe, just maybe, they'll learn to be more careful in future.

      One exception: I was offered payment once: an ex colleague rang me when his laptop had an infection. He said he was near my place, and could drop it in to fix it, and said he'd give me a tenner for my time, describing it as 'a nice cash in the hand job' - what a crying shame I was out, then, because I'm always looking to undervalue my time by such a ridiculous amount (not charging at all notwithstanding)

      1. Danny 14

        Re: Hmm

        Christmas is a good time for doing IT jobs. I had LOADS of wine and choccys at christmas. They made excellent pressies, but yes the time involved does suck.

  3. frank ly
    Stop

    " ... the use of Dropbox as a delivery mechanism ..."

    This Dropbox reference was thrown in right at the end, with no explanation.

    Do you get an e-mail from the bad guys with a link to their malware laden Dropbox public folder? Do Dropbox themselves install the virus the next time Dropbox has an auto-update?

    A bit more explanation would be nice.

    1. VinceH

      Re: " ... the use of Dropbox as a delivery mechanism ..."

      I wondered that. Perhaps it specifically looks for shared drop box folders and attaches itself to stuff in there?

  4. ukgnome
    Windows

    Regedit

    has made my keyboard sticky.

    IT support says my PC needs a wipe.

  5. Henry Minute

    Any more on the delivery mechanism?

    The almost throw-away mention of DropBox as a delivery mechanism is slightly worrying.

    Any more about how and how to mitigate against it?

    1. Danny 14
      Trollface

      Re: Any more on the delivery mechanism?

      don't use dropbox?

      1. Richard 12 Silver badge
        Devil

        Re: Any more on the delivery mechanism?

        My guess would be that it takes a quick look through an infected system and drops itself into a Dropbox folder, getting itself automatically spread to everyone sharing that folder.

        Going via email or browser relies on either unpatched holes or user error, while Dropbox will spread it by design.

  6. Benjamin 4
    Joke

    A porn tool?

    Ah, so that's why it completely f**ks your pc if you're not careful.

  7. nigel 15
    FAIL

    Is this a tech site?

    This article would be at home in a red top daily.

    There is nothing about the delivery other than that it is something to do with dropbox. Is there an issue with dropbox i need to know about? some kind of execution and elevation issue?

    how does one become infected? and most importantly how do you remove it?

    do your homework and come back when you have a proper article.

    1. Anonymous Coward

      Re: Is this a tech site?

      "This article would be at home in a red top daily."

      Um... You did look at the top of the page, didn't you?

    2. Anonymous Coward

      Re: Is this a tech site?

      Well, it used to be some years ago. Now it seems to progressively dumb down every year, so now we have so called tech articles explaining what DNS means plus the always abysmal hardware reviews. So no it isn't.

      1. LinkOfHyrule
        Paris Hilton

        Re: Is this a tech site?

        This place is a tech news site, it's just one you can make sense of while hungover and likes to get its Paris out for the lads!

    3. Anonymous Coward

      Re: Is this a tech site? @Nigel 15

      Are you too stupid and lazy to look into how to remove it yourself? It's a news site*, not school, genius. And people who don't capitalise sentences are hardly in a position to criticise others' writing.

      *For the other arses who whinge about how they already knew something; that just means something's not news to *you*. Difficult concept, I know ...

  8. Anonymous Coward

    Funny how these fake A/V trojans keep popping up, and the only software at that time able to detect and get rid of them is Malwarebytes......Almost as if they have a crystal ball or inside knowledge of what's coming.

    1. Mark Jan
      Happy

      Malwarebytes

      Maybe Malwarebytes is just very good at what it does (it is!) and the people behind it are very good at what they do (they are!)

      And it's free!

  9. Gordon Fecyk
    Facepalm

    "Emerging Trend" == "Happened for years." Absolutely nothing new here.

    "SFX Fake AV is morphing at a relatively fast rate, so it is something that signature-based vendors will have to watch out for as there will be an increasing number of variants in the wild."

    This includes your signature-based Malwarebytes, right? So your own product can't save us. And you're only realizing this twenty years after the fact?!

    "Also, the use of [s/Dropbox/some other public system] as a delivery mechanism is a something that the industry is going to have to take into account and protect against, as it is an emerging trend."

    Wasn't this done in IRC twenty years ago? Is using Dropbox the emerging trend, or is using anything public for a delivery mechanism the emerging trend? So are we to ban Dropbox at the firewall, now? Or do we finally take before-the-fact measures?

    Once again, I ask: Why am I not affected? Why are my clients, co-workers, and so on not affected? The answer may surprise you.

    There is nothing new, here. Absolutely nothing. And there's nothing new in preventing this, either.

  10. Boris S.

    This is funny

    Hackers exploiting pirates. Is there no honor amongst criminals?

  11. Lol 1
    Linux

    doesn't scare me

    I only use P2P to download linux distros!

  12. Anonymous Coward

    Uh oh

    Expect a rash of "Terrorism related material has found on your PC" scumbagware very shortly.

    AC/DC

  13. Anonymous Coward

    Your arse belong to us

    Boo hoo 4 U.

  14. b166er

    One of the problems here being, that techies that got really pissed off with Vista's UAC prompt, spread the myth that you should just disable UAC.

    Rather than realising that for the majority of users UAC (even Vista's), should of course NOT be disabled and that techies should have just learned to either temporarily disable it, or just deal with it and further to educate users to study the UAC prompt.

    Consequence: the effort that went in to designing new versions of Windows that require acknowledgement before running superuser tasks (like OSX and Linux), was in vain.

    A geek who's been re-enabling UAC since 2007

    (Oh, and the other favourite. Techies advising people to use their XP downgrade license. Utter FAIL)

    1. Anonymous Coward

      UAC

      It would be a lot easier to persuade people of the "myth" if UAC wasn't so very, very, very irritating. Is it really, really necessary to ask the "do you want...blah blah" question every single time you want to start a program. I would have thought with all their resources MS could have done better than something that makes the screeching of nails on a blackboard look fun.

      1. Anonymous Coward

        Re: UAC

        Wasn't UAC, pay your M$ app tax or your customers will be nagged that your program is dodgy?

        Take that you open source scumbags!

      2. Gordon Fecyk
        Thumb Down

        Only the crap b0rken programs.

        Is it really, really necessary to ask the "do you want...blah blah" question every single time you want to start a program?

        Only the really ancient, or b0rken, or not-designed-for-supported-windows-versions-really programs do this. One could bite the bullet and, instead of paying for crap security products, upgrade the products they actually use.

        How come I don't deal with UAC prompts every time I want to do something productive? Yes, I have UAC turned on and I run my applications as a non-admin as a matter of course.

    2. Gordon Fecyk
      Go

      Weakness in the user revealed

      Consequence: the effort that went in to designing new versions of Windows that require acknowledgement before running superuser tasks (like OSX and Linux), was in vain.

      I came up with this concept back in 2006: The simplest Vista virus.

  15. b166er

    Yes but Gordon, they tried.

    And what you suggest would work just as well on OSX or Linux.

    And AC@23.55 the main purpose of UAC was to force legacy software developers to not run in superuserspace.
