Prev: What exactly is "The Metasploit Project" ?
Next: Queries about Norton Antivirus Corporate Edition and Client Firewall
From: FromTheRafters on 27 Dec 2009 18:59
"Turnipweed" <me(a)pit.com> wrote in message
news:dnofj5dpuqmmmv4jprjec2j7mpq91hjeol(a)4ax.com...
>
>
> I guess I've cleaned fake spyware cleaners from 2 dozen computers. You
> know the ones:***
>
> Total Security 2009
> Windows System Suite
> System Security
> Personal Antivirus
> System Security 2009
> Malware Doctor
> Antivirus System Pro
> WinPC Defender
> Anti-Virus-1
> Spyware Guard 2008
>
> And so on. I think most are based on Smitfruad or close variants.
>
> When friends call, the first thing I do is google the fake du jour.
>
> Googling always turns up all sorts of different removal procedures and
> blogs. Most of them have similar embedded links to SpywareDoctor.
>
> The linkages are subtle, and seem to be intentionally kept low key.
> It's hard to explain, but try it! I bet more than 75% send you to
> SpywareDoctor, without the usual fanfare. All the "blogs" and "removal
> procedures" are done in the same precise, bland style.
>
> Has anyone else noticed this, and suspected a "symbiotic" relationship
> between SpywareDoctor and the fake AV Trojans?

I just figured that it made good sense to load metadata with recent
threat nomenclature. Anyone searching for "Trojan/YetAnotherFake.AV" or
"Security Suite 2011" has a good chance of landing you on their (or an
affiliate's) webpage if loaded with such data.



From: Bob Adkins on 27 Dec 2009 19:04

>> Has anyone else noticed this, and suspected a "symbiotic" relationship
>> between SpywareDoctor and the fake AV Trojans?
>
>I just figured that it made good sense to load metadata with recent
>threat nomenclature. Anyone searching for "Trojan/YetAnotherFake.AV" or
>"Security Suite 2011" has a good chance of landing you on their (or an
>affiliate's) webpage if loaded with such data.


Of course.

What I'm saying is, there are many sites with removal procedures and
blogs that send you to SpywareDoctor. Too many, it seems to me, to be
a coincidence.

From: FromTheRafters on 27 Dec 2009 19:55

"Bob Adkins" <me(a)pit.com> wrote in message
news:vctfj5ddj7oiaijgjt4unfm0k1huco3je2(a)4ax.com...
>
>>> Has anyone else noticed this, and suspected a "symbiotic"
>>> relationship
>>> between SpywareDoctor and the fake AV Trojans?
>>
>>I just figured that it made good sense to load metadata with recent
>>threat nomenclature. Anyone searching for "Trojan/YetAnotherFake.AV"
>>or
>>"Security Suite 2011" has a good chance of landing you on their (or an
>>affiliate's) webpage if loaded with such data.
>
>
> Of course.
>
> What I'm saying is, there are many sites with removal procedures and
> blogs that send you to SpywareDoctor. Too many, it seems to me, to be
> a coincidence.



I don't think they are related in any way to the actual malware, but the
methods they seem to use to obtain high seach engine results have always
made me suspicious.

Following a malware as suggested will lead to many supposed removal
tools (many of which are as bad or worse than the malware they are
purporting to remove). On occasion someone will post one rogue as the
solution to another rogue in the groups.

I'm not sure I even trust PCTools for anything. :o\


From: Turnipweed on 27 Dec 2009 21:12
On Sun, 27 Dec 2009 19:55:51 -0500, "FromTheRafters"
<erratic(a)nomail.afraid.org> wrote:



>I'm not sure I even trust PCTools for anything. :o\

Same here.

It's too bad the fake AV's are so hard to fix, and the fixes are not
real trustworthy. If someone was really ambitious and honest, they
could get rich (or at least famous).

There REALLY needs to be international laws dealing with the polecats
that spread them. Every time I have to fix one, I want someone put
behind bars. :D

From: Buffalo on 27 Dec 2009 21:40


Turnipweed wrote:
> On Sun, 27 Dec 2009 19:55:51 -0500, "FromTheRafters"
> <erratic(a)nomail.afraid.org> wrote:
>
>
>
>> I'm not sure I even trust PCTools for anything. :o\
>
> Same here.
>
> It's too bad the fake AV's are so hard to fix, and the fixes are not
> real trustworthy. If someone was really ambitious and honest, they
> could get rich (or at least famous).
>
> There REALLY needs to be international laws dealing with the polecats
> that spread them. Every time I have to fix one, I want someone put
> behind bars. :D

Yeah, what we really need is more laws, so the lawyers can become even
richer. :)
Buffalo
PS: Anyhow, the free version of MBAM (MalwareBytes AntiMalware) and the free
version of SAS (SuperAntiSpyware) are both excellent programs that, it
sounds like, you might find very useful!


 |  Next  |  Last
Pages: 1 2 3 4 5 6 7
Prev: What exactly is "The Metasploit Project" ?
Next: Queries about Norton Antivirus Corporate Edition and Client Firewall