15 Oct 2009
Security researchers are warning of a dangerous new trend in the promotion of fake anti-virus programs known as 'rogueware', which could lead to users' PCs being hijacked and rendered inoperable if they fail to pay a ransom.
Experts at PandaLabs, the anti-malware laboratory at cloud security firm Panda Security, said that users could be infected unknowingly through visiting a hacked web site.
On an infected PC the owner is unable to open documents, run programs or carry out any other tasks. They will then typically see a series of warnings about the infection, along with instructions to buy an anti-virus product called Total Security 2009, which is charged at £74.50.
Users who pay the ransom will receive a serial number, which will release all files and executables, allowing them to work normally again, although the fake anti-virus remains on the machine.
"The way this 'rogueware' operates presents a dual risk. Firstly, users are tricked into paying money simply in order to use their computers, and secondly, these same users may believe that they have genuine anti-virus installed on the computer, thereby leaving the system unprotected," said Luis Corrons, technical director of PandaLabs.
"Users are also prevented from using any type of detection or disinfection tool, as all programs are blocked. The only application that can be used is the internet browser, conveniently allowing the victim to pay for the fake anti-virus."
Stop similar happening
I found this virus on my daughter's PC; it places a randomly named exe in the startup group. To delete it, start as administrator, delete all c:\users\infecteduser\appdata\temp exe files, then take ownership of their Windows startup folder, giving them read/exec access. If they or any malicious code now try to place an item in the startup group, it is not possible. I'm no Windows expert but this seems to work (only if your user is a non-admin type!).
Posted by: M K T 13 Dec 2011
Paying Ransom Is No Protection
To users held hostage: providing a credit card number is an extremely bad idea. Providing payment will NOT return life to normal for you or your computer. Why will payment not release you? First, with a credit card number, the thieves already have obtained what they want, and need not supply anything to you at all. Tracing payment to the extortioners is difficult; they have taken at least some measures to launder their payoff instantly, if received. Secondly, anything they do supply to you will permit them to do the same thing again. For example, the "release key" does not end their ability to RELOCK the computer at any time, as when the extortioners want another payment and have exhausted the benefits of your first credit card. PAY NOTHING to free the system, and do not use your credit card online while extortionware is still on your system. Avoid using online banking, for example, until the computer is clean; the thieves anticipate you will check your account, and may install a "keylogger" to monitor your key and mouse movements to obtain your account information, log-in name and password. REMEDY: pay a reputable computer specialist to clean the system. Often, universities' computer science departments know of, and can refer you to, such people. Also, police departments often hire computer specialists and can refer you to such people. Although some users believe they "know" where an infection came from, this impression is not reliable. The extortionware can be set to activate many days, or longer, after actual infection.
Posted by: Bob Greene 19 Dec 2009
Good Old Total Security
The latest versions of Total Security have been coming with a rootkit (the filenames look like the UAC rootkit to me, but I'm not a researcher). This one is pretty easy to kill from a BartPE disk if you know what files to look for, and where to look for them. For those who do not know what files to look for, there are numerous bootable anti-virus disks (such as the Avira AntiVir Rescue System) that will usually detect and remove the rootkit's drivers, allowing utilities to run when the system is booted normally. The way most experts prefer to fix it when helping users online is with ComboFix. When it's being blocked, renaming it to change the extension from .exe to .com usually takes care of it (I like to give it a random name with a .com extension). Note that normal users should never run ComboFix on their own though, as it is far more than just a quick fix tool. Anyone who wants training in how to use ComboFix, and in how to remove malware in general, should check out one of the online schools (all free) listed at UNITE: http://www.uniteagainstmalware.com/schools.php
Posted by: Arthur Wilkinson 16 Oct 2009
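As an added example (not code from the article, from V3.co.uk, or from either commenter), the PowerShell script below does from a clean session what the first comment describes by hand: it audits the target user's Startup folder, per-user Temp directory and the machine Run/RunOnce keys for dropped executables, and, with -Harden, applies the same Startup folder lockdown (Administrators own it, the user keeps read/execute only). It also lists Image File Execution Options "Debugger" redirections; that is an assumption about one documented way malware blocks tools by image name, which the .exe-to-.com rename in the comment above would sidestep. The article does not say which mechanism Total Security 2009 uses, and the account name 'infecteduser' is a placeholder. Run it elevated from a separate admin account, since the page says nothing but the browser runs inside the infected session.

```powershell
# Added example, not from the article or the commenters. Audit common per-user
# autostart locations and optionally lock down the Startup folder ACL.
# Run from an elevated PowerShell session in a clean, separate admin account.
param(
    [string]$TargetUser = 'infecteduser',   # placeholder: the infected, non-admin account
    [switch]$Harden                          # audit only unless this is given
)

$UserProfilePath = Join-Path 'C:\Users' $TargetUser
$StartupFolder   = Join-Path $UserProfilePath 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
$TempFolder      = Join-Path $UserProfilePath 'AppData\Local\Temp'   # actual per-user temp path
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$IfeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$ExecExt = '.exe', '.com', '.scr', '.bat', '.cmd', '.vbs', '.js'
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-StartupFolderItems {
    # Legitimate Startup entries are almost always .lnk shortcuts; a bare
    # executable dropped here is the pattern the first comment describes.
    foreach ($dir in @($StartupFolder, "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = 'StartupFolder'; Path = $_.FullName
                               Modified = $_.LastWriteTime
                               Suspicious = ($ExecExt -contains $_.Extension.ToLower()) }
        }
    }
}

function Get-TempExecutables {
    # Executables living in the user's Temp directory (what the comment deletes).
    if (-not (Test-Path -LiteralPath $TempFolder)) { return }
    Get-ChildItem -LiteralPath $TempFolder -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $ExecExt -contains $_.Extension.ToLower() } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Temp'; Path = $_.FullName
                               Modified = $_.LastWriteTime; Suspicious = $true }
        }
}

function Get-RunKeyItems {
    # Machine-wide Run/RunOnce values whose command lives under AppData or Temp.
    # The target user's own HKCU Run key is in their NTUSER.DAT and is not
    # covered unless that hive is loaded with reg.exe load.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
            if ($ProviderProps -contains $p.Name) { continue }
            $cmd = [string]$p.Value
            [pscustomobject]@{ Source = $key; Path = "$($p.Name) = $cmd"; Modified = $null
                               Suspicious = ($cmd -match '(?i)\\(AppData|Temp)\\') }
        }
    }
}

function Get-IfeoDebuggers {
    # Assumption: a Debugger value under IFEO\<image>.exe makes Windows start
    # that program instead of the named one. Malware uses it to block tools by
    # file name, which renaming the tool (as in the comment above) defeats.
    # Some entries are legitimate (developer tools), so review rather than delete.
    if (-not (Test-Path -LiteralPath $IfeoKey)) { return }
    Get-ChildItem -LiteralPath $IfeoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -LiteralPath $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{ Source = 'IFEO'; Path = "$($_.PSChildName) -> $dbg"
                               Modified = $null; Suspicious = $true }
        }
    }
}

function Protect-StartupFolder {
    # The comment's lockdown: Administrators own the folder, the user gets
    # read/execute only, so code running as that user cannot add autostarts.
    # Side effect: per-user installers that want a Startup shortcut will fail.
    if (-not (Test-Path -LiteralPath $StartupFolder)) { throw "Startup folder not found: $StartupFolder" }
    takeown.exe /F $StartupFolder /A | Out-Null     # /A: ownership to the Administrators group
    icacls.exe $StartupFolder /grant:r 'BUILTIN\Administrators:(OI)(CI)F' `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' "${TargetUser}:(OI)(CI)RX" | Out-Null
    icacls.exe $StartupFolder /inheritance:r | Out-Null   # drop the inherited Modify right
    icacls.exe $StartupFolder                              # show the resulting ACL
}

$findings = @(Get-StartupFolderItems) + @(Get-TempExecutables) + @(Get-RunKeyItems) + @(Get-IfeoDebuggers)
$findings | Sort-Object Suspicious -Descending | Format-Table Suspicious, Source, Path, Modified -AutoSize
if ($Harden) { Protect-StartupFolder }
```

The ACL change only closes the Startup folder; the other comments on this page describe persistence through a rootkit driver, which this audit does not cover, so treat a clean audit as necessary rather than sufficient, and review the IFEO list before removing anything, since developer tools also register Debugger values.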
there is a way out of it
This occurred last week on my PC. The only way I could stop it was to Control-Alt-Delete to stop the programme running, but you have to be fast, as the Task Manager screen is only visible for a few seconds each time you call it up. Once you stop the programme, restore to a previous system restore point and reboot. The rogueware is no longer in the startup and hence does not run. I found the file as a number in My Documents; simply delete it. Run anything you have to ensure your PC is clear (AVG, Spybot). I'm not a techie; there may be other ways, but this does work. Unfortunately anyone who may have this rogueware running will not see my method of getting rid of it.
Posted by: Ken Barron 15 Oct 2009