Bogus "Your Computer is Infected" warnings

Status
Not open for further replies.
bearack

Guest
a_lost_packet_ said:
From what I can gather, many of the recent attacks of hostageware through advertising can be tracked back to what is now being called:

"Internet Security 2010"

Removal instructions can be found here along with a download for an automated removal tool:

http://www.2-spyware.com/remove-interne ... -2010.html

There are many variants as they are being modified as fast as they can be tracked and neutralized. It's probable it's a Russian hacker group that's mobile and very difficult to track.

ALP, was this part of the recent MS windows security update?
 

drwayne

Guest
I am - concerned that as tools for detection and removal such as MalwareBytes are identified,
that the folks that write this stuff are identifying workarounds to get around those tools.

MWB has been disconcertingly quiet lately
 

bearack

Guest
drwayne said:
I am - concerned that as tools for detection and removal such as MalwareBytes are identified,
that the folks that write this stuff are identifying workarounds to get around those tools.

MWB has been disconcertingly quiet lately

I've opted to disable advertising, which seems to be the biggest culprit. Which, I'm sure, SDC doesn't like, but my system was getting hammered by these attacks.
 

a_lost_packet_

Guest
bearack said:
...ALP, was this part of the recent MS windows security update?

I don't know that anything can be directly traced to the recent security update. I haven't any info on that. I do remember reading some scuttlebutt about a giant hole somewhere in Microsoft's system that they were trying to fix, but I think that was before the latest update. Incidentally, there are rumors of a Firefox exploit surfacing out there as well, with Firefox working on a fix before it becomes known and exploited.

The avenue of attack that the Internet Security 2010 hostageware uses is a common one, as far as I know. It's not impossible or extremely difficult to remove given one has access to the right tools and a guide on how to use them. It's similar to many viruses that use hosted advertising with the exception that this one is being constantly updated by its creators. So, they're dodging and weaving on both sides of the hat, so to speak.

Edit- Add- Ref - The Microsoft Security Bulletin for the March patch.

http://www.microsoft.com/technet/securi ... 0-mar.mspx
 

a_lost_packet_

Guest
drwayne said:
I am - concerned that as tools for detection and removal such as MalwareBytes are identified,
that the folks that write this stuff are identifying workarounds to get around those tools.

MWB has been disconcertingly quiet lately

Every good virus is going to take into account security software. So, they'll do all they can to disable known programs that could detect them.

One thing a good security package will have are programs resident in memory that, if nothing else, can identify a possible virus by its behaviors. These heuristics programs are difficult to fool without a big exploit. So, some viruses like the Internet Security 2010 virus try to mask themselves as legitimate programs in hopes that they can get the user to authorize the install, bypassing the complaints of any heuristics warnings as it's a user-initiated install. In the case of the advertising vector, a simple mouse click trying to close the window can bring the user into an environment where their heuristics, protection and blocks can be directly assaulted or even avoided or, at the worst, act as user authentication to install their program directly.

We (SDC visitors) might be experiencing this current spate of attacks more frequently than the general internet population. I'll try to see what I can find on that.
 