In a NEW TWIST introduced by increasingly sophisticated purveyors of dodgy anti-virus software, hapless computer users are being directed to convincing clones of review sites which offer glowing reports on the malicious software.

Hacks from Bleeping Computer discovered that, during the process of deliberately installing a well-known rogue anti-spyware programme called Anti-Virus-1, the installer added a series of mysterious entries into the Windows Host file. The entries redirect Internet browsers to fake versions of review sites including the likes of PC Pro and Revoo.com which are directly under the control of the hucksters and, of course, recommend that you cough up your cash to download the useless software.

There's a full list of the sites being turned over here.

By adding these entries into your HOSTS file, it will make it so that if you go to any of the web sites listed above, instead of going to the legitimate site, you will instead be redirected to a site under the control of the developers of Anti-virus-1 and not realize you are doing so. It is not uncommon for malware to add entries to your HOSTS file, but what is new is the content being shown to you when you visit these sites.

We have to remember that the purpose of any rogue software is to trick you into thinking it is legitimate and then to have you purchase it. One of the best ways to convince someone that something is not only legitimate, but a quality product, is for a well known and respected site to give it a good review. This is exactly what Anti-virus-1 is doing. They are modifying the HOSTS file, and then showing these fake review pages from CNET, PC Magazine, Tech Radar, Reevo, ZDNet, etc. in order to trick the infected user into thinking these sites are writing reviews about how excellent the Anti-virus-1 program is. An example is the fake review supposedly written by Neil Rubenking for the PC Magazine site as shown below. In reality, though, these reviews were written by the developers of Anti-virus-1 instead and they are hosted on their servers.

Review of Anti-virus-1 on fake PCMag.com Site (you will need to go to the original article to see the picture)

The amount of social engineering techniques that Anti-virus-1 uses is the most I have seen so far in a rogue. In this rogue alone, they use fake security alerts, screen savers showing a blue screen crash caused by a spyware and then a fake reboot, Internet Explorer hijacks, and now fake review sites. It really comes as no surprise why so many people are tricked into purchasing these types of software. Hopefully articles like this will inform people on what tricks these programs use so they do not fall prey to this scam as well.

We have put together some screen shots of some of the other fake reviews (You need to read the original article to see those). If you have become infected with Anti-virus-1 please do not fall for their tricks. Instead, use the removal guide that I linked to below in order to remove and uninstall it for free.

www.bleepingcomputer.com/malware-removal
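A defender-side check for the hosts-file redirection described in the article above, as an added example that is not part of the original post or of Bleeping Computer's guide: it parses hosts-file text and flags any routable IP that a single file maps to several different sites. The function names, the `min_sites` threshold and the sample entries (documentation-range addresses and `.example` names) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a usable mapping
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def suspicious_redirects(text, min_sites=3):
    """Return {ip: sorted hostnames} for routable IPs that one hosts file
    maps to at least `min_sites` different sites (www/non-www collapsed)."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are the usual localhost/sinkhole pattern.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].add(name)
    flagged = {}
    for ip, names in by_ip.items():
        sites = {n[4:] if n.startswith("www.") else n for n in names}
        if len(sites) >= min_sites:
            flagged[ip] = sorted(names)
    return flagged

# Constructed sample: documentation-range IPs and .example names only.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.tracker.example   # sinkhole entry
203.0.113.7 www.reviews.magazine-a.example
203.0.113.7 reviews.magazine-a.example
203.0.113.7 www.reviews.magazine-b.example
203.0.113.7 reviews.magazine-b.example
203.0.113.7 reviews.magazine-c.example
192.0.2.10 intranet.corp.example
"""

if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE_HOSTS).items():
        print(f"{ip} overrides DNS for {len(names)} names: {', '.join(names)}")
```

On a real machine the text would come from the system hosts file; a single intranet mapping stays below the threshold, while one address answering for many unrelated public sites is the pattern worth investigating.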
What a pity that they haven't been taken down quickly. This sort of thing needs sorting out with an iron fist.
I actually had to do a hard drive swap as a format didn't get rid of the problem.