Tag Archives: trojan horse

The hits just keep coming.


XP Total Security 2012 Trojan Horse screen view
More bad guys than ever are launching cyber-attacks for fun and profit.

Desktop Attacks

I’ve recently encountered an old enemy: a Trojan Horse that’s been around for 3 years or more. It’s recently calling itself XP Total Security 2012 and it’s gotten nastier and more tenacious than its earlier incarnations. I no longer spend much time trying to remove this bad boy: I just backup the infected computer’s data, format the hard drive, re-install Windows, and restore the (scanned) data. Most security experts agree with this tactic.

Server Attacks

Elinor Mills, in an article that appeared in CNet News, June 17, 2011: Keeping up with the hackers, included a chart of recent major break-ins.There are some surprising headliners in the Victims column: RSA, who specialize in security, Sony makes multiple appearances, payroll giant ADP, Citigroup, US Senate,et al.

Sony has been hacked so often, that there’s even a website, hassonybeenhackedthisweek.com. This can’t be good for Sony’s reputation!

I’m thinking of moving from Windows to Ubuntu for my daily web-browsing, just to avoid these constant attacks, security patches, updates, etc.

Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695

SecurityTool makes your PC INsecure

Secure Tool screenshot

This Trojan Horse seems to be helping you defend against infections. Unfortunately, it’s an infection that’s trying to steal your money.

 

I’ve recently encountered a Trojan Horse program called SecurityTool that has a very convincing friendly facade. When I first saw it, I thought that it was a legitimate antivirus program / firewall, similar to Norton 360. It seems to scan your PC and discover infections. It disables all user programs except itself “for your protection” and hijacks the web browser to point the user to a web page where it attempts to have the user buy a program that will “fix” his/her computer. It’s essentially ransomware. Please don’t enter your credit card number when this program is active — who knows who will then capture your credit card info?!

It looks like this originated from the same evil geniuses who created PC Antispyware 2010: http://russbellew.spaces.live.com/Blog/cns!D5F86162D2CCCC87!495.entry

Here are simple instructions to remove SecurityTool: http://www.2-spyware.com/remove-security-tool.html. I’ve found that the folder that contains the SecurityTool executable may have a different name than the one referred to within the article. You may have luck discovering its folder’s name by booting into Safe Mode (press F8 at startup) and running msconfig.exe to examine the startup group. The SecurityTool executable file is easily identifiable because it will probably be the only startup group executable file that’s located in a subdirectory beneath Documents and Settings.

I’ve used a different removal procedure. I physically remove the infected PC’s hard drive, and temporarily hang that hard drive as a slave from a known clean PC, and then (step1) use the clean PC to scan the infected hard drive. AVG 8.5 will detect and remove the offending executable files. This method treats the registry as just another set of files, so after returning the hard drive to the infected PC, you’ll need to scan it. When you’re done, you will probably be left with a vestigial item in the startup group. To avoid this, note what was removed in step 1 and remove any reference to it within the startup group. (Use either msconfig.exe or SpyBot Search & Destroy in Advanced / Tools / Startup to do this.)

Increasingly, I find myself routinely removing infected hard drives from victims’ PCs to scan them on clean PCs. Otherwise, I’m trying to clean an infected PC with an infected PC.

 

Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695

Ask Google what malware it’s found on any website

Detail from “The Procession of the Trojan Horse in Troy” by Giovanni Domenico Tiepolo, who died in 1804.
You can ask Google if it has detected malware or similar problems on any website.
For starters, click the following URL:
Here’s what Google reported about myspace.com a few minutes ago:
What happened when Google visited this site?
Of the 31916 pages we tested on the site over the past 90 days, 72 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-09-17, and the last time suspicious content was found on this site was on 2009-09-17.
Malicious software includes 77 scripting exploit(s), 5 trojan(s), 1 worm(s).
Malicious software is hosted on 45 domain(s), including <deleted>.
31 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including
<deleted>.
This site was hosted on 29 network(s) including <deleted>.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, myspace.com appeared to function as an intermediary for the infection of 1 site(s)  . . .

 

You can test Google’s safe browsing analyzer on other sites by, within your browser’s address bar, changing myspace.com to another site of interest.
Recent articles about Facebook and Myspace dangers:
Thanks to Steve Gibson’s latest Security Now! podcast for this tip.

 

 

PC Antispyware 2010 is . . . SPYWARE!


screenshot: PC Antispyware 2010

It’s baaaaack!  “PC Antispyware 2010” is a warmed-over version of Antivirus 2009, and just as pernicious.

Stay away from this bad boy — it is bad news. If you should see it on your PC, get thee to a good virus- and spyware- scanner as soon as possible.  I like Bit Defender’s on-line scanner: http://www.bitdefender.com/scanner/online/free.html If this doesn’t work, you may need to remove the disk, temporarily install it as a slave in a known clean PC, and scan the disk from that PC.

Here’s similar malware, posing as anti-malware:

. . . and another . . .

The presence of these Trojan horses is just more evidence that on the Internet, nothing is necessarily what it claims to be.

Read about Antivirus 2009: http://russbellew.spaces.live.com/blog/cns!D5F86162D2CCCC87!360.entry

Do NOT install “Antivirus 2009”!

Antivirus 2009 screenshot
 
There’s a very nasty Trojan Horse program on the loose, which advertises itself as Antivirus 2009. It appears to be a legitimate antivirus program, but in fact is itself a virus.
 
Worse, there are clones on the loose: System Antivirus 2008, Ultimate Antivirus 2008, Vista Antivirus 2008, XP Antivirus 2008 etc. 
 
Antivirus2009 and its clones will try to redirect your web browser to antivirus-premium-scan.com, webscannertools.com, googlescanners-360.com, livesecurityinfo.com, antivirusonlivescan.com, bestantivirusscan.com, antivirus-best.com, internetquarantinesite.com, premiumlivescan.com and secureclick1.com. These websites may attempt to install still more malware on your computer.
 
If you have the misfortune to fall victim to Antivirus 2009 or its clones, you’ll find it difficult to remove. I removed it recently from a customer’s PC, but didn’t document the procedure. I’ve not tested the following procedure, but it looks like it should work: http://www.youtube.com/watch?v=2W5VMPptpzs&feature=related
 
Visit my website: russbellew.com