gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 26, 2024, 05:29:14 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Rogue anti-virus software points to fake reviews
gfx
gfxgfx
 

Author Topic: Rogue anti-virus software points to fake reviews  (Read 6354 times)

0 Members and 1 Guest are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
Rogue anti-virus software points to fake reviews
« on: February 21, 2009, 10:25:41 am »
http://www.theinquirer.net/inquirer/news/101/1051101/rogue-anti-virus-software-fake-reviews

Quote
In a NEW TWIST introduced by increrasingly sophisticated purveyors of dodgy anti-virus software, hapless computer users are being directed to convincing clones of review sites which offer glowing reports on the malicious software. Hacks from Bleeping Computer discovered that, during the process of deliberately installing a well-known rogue anti-spyware programme called Anti-Virus-1, the installer added a series of mysterious entries into the Windows Host file. The entries redirect Internet browsers to fake versions of review sites including the likes of PC Pro and Revoo.com which are directly under the control of the hucksters and, of course, recommend that you cough up your cash to download the useless software.

Theres's a full list of the sites being turned over here.
     O1 - Hosts: 217.20.175.74 www.review.2009softwarereviews.com
    O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com
    O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
    O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com
    O1 - Hosts: 217.20.175.74 www.reviews.toptenreviews.com
    O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com
    O1 - Hosts: 217.20.175.74 www.reviews.download.com
    O1 - Hosts: 217.20.175.74 reviews.download.com
    O1 - Hosts: 217.20.175.74 www.reviews.pcadvisor.c.uk
    O1 - Hosts: 217.20.175.74 reviews.pcadvisor.co.uk
    O1 - Hosts: 217.20.175.74 www.reviews.pcmag.com
    O1 - Hosts: 217.20.175.74 reviews.pcmag.com
    O1 - Hosts: 217.20.175.74 www.reviews.pcpro.co.uk
    O1 - Hosts: 217.20.175.74 reviews.pcpro.co.uk
    O1 - Hosts: 217.20.175.74 www.reviews.reevoo.com
    O1 - Hosts: 217.20.175.74 reviews.reevoo.com
    O1 - Hosts: 217.20.175.74 www.reviews.riverstreams.co.uk
    O1 - Hosts: 217.20.175.74 reviews.riverstreams.co.uk
    O1 - Hosts: 217.20.175.74 www.reviews.techradar.com
    O1 - Hosts: 217.20.175.74 reviews.techradar.com

By adding these entries into your HOSTS file, it will make it so that if you go to any of the web sites listed above, instead of going to the legitimate site, you will instead be redirected to a site under the control of the developers of Anti-virus-1 and not realize you are doing so. It is not uncommon for malware to add entries to your HOSTS file, but what is new is the content being shown to you when you visit these sites. We have to remember that the purpose of any rogue software is to trick you into thinking it is legitimate and then to have you purchase it. One of the best ways to convince someone that something is not only legitimate, but a quality product, is for a well known and respected site to give it a good review. This is exactly what Anti-virus-1 is doing. They are modifying the HOSTS file, and then showing these fake review pages from CNET, PC Magazine, Tech Radar, Reevo, ZDNet, etc in order to trick the infected user into thinking these sites are writing reviews about how excellent the Anti-virus-1 program is. An example is the fake review supposedly written by Neil Rubenking for the PC Magazine site as shown below. In reality, though, these reviews were written by the developers of Anti-virus-1 instead and they are hosted on their servers.

Review of Anti-virus-1 on fake PCMag.com Site.......(you will need to go to the original article to see the picture)

The amount of social engineering techniques that Anti-virus-1 uses is the most I have seen so far in a rogue. In this rogue alone, they use fake security alerts, screen savers showing a blue screen crash caused by a spyware and then a fake reboot, Internet Explorer hijacks, and now fake review sites. It really comes as no surprise why so many people are tricked into purchasing these types of software. Hopefully articles like this will inform people on what tricks these programs use so they do not fall prey to this scam as well. We have put together some screen shots of some of the other fake reviews (You need to read the original article to see those). If you have become infected with Anti-virus-1 please do not fall for their tricks. Instead, use the removal guide that I linked to below in order to remove and uninstall it for free.

www.bleepingcomputer.com/malware-removal
Quote

What pity that they haven't been taken down quickly. This sort of thing needs sorting out with an iron fist.


Offline RReactor

  • Forum Member
Re: Rogue anti-virus software points to fake reviews
« Reply #1 on: March 10, 2009, 11:41:21 am »
i had gotten that garbage installed on my computer as well and my computer went nuts
RReactor

Offline RReactor

  • Forum Member
Re: Rogue anti-virus software points to fake reviews
« Reply #2 on: March 12, 2009, 04:47:18 am »
i actually had to do a hard drive swap as a format didn't get rid of the problem some torrent apps could have the malware in it so you have to be carefull actually if you have favorite apps that work good you should keep the installer so that you know its clean and can share it with anyone that needs what you have i keep all the apps that i use on all my computers on a external hd so that if i have any problems all my apps i use are available to install
RReactor

Offline ]-[êll.Ôñ.ËÀR'][']-[.

  • WMW Volunteer
  • *****
  • Its hard being me...but i do it just great.
Re: Rogue anti-virus software points to fake reviews
« Reply #3 on: March 12, 2009, 04:38:13 pm »
Morrel there is to stick with what you no is safe and if something new comes up at least google it to check usually they are flagged up somewhere if not all over as mallicious software.
      

Offline RReactor

  • Forum Member
Re: Rogue anti-virus software points to fake reviews
« Reply #4 on: March 12, 2009, 05:21:38 pm »
the way i set up my computers is put a small hard drive as the c drive and only have windows and program files there and i have my downloads go there as well but i have 1 or 2 bigger hard drives that i keep stuff  to save on that way if i do have any real bad problems its no biggy either formatting the drive with the OS  on it if you cant fix the problem by other means and if that still don't take care of the problem and a hard drive swap is needed its not gonna be that costly and no need to have to worry about transferring  saved files
RReactor

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Rogue anti-virus software points to fake reviews
« Reply #5 on: March 12, 2009, 06:20:49 pm »
Quote
i actually had to do a hard drive swap as a format didn't get rid of the problem

er... you dont have to 'harddrive swap' to completely erase something...
* Silver Stripes wonders what kind of 'format' you did...

Offline ]-[êll.Ôñ.ËÀR'][']-[.

  • WMW Volunteer
  • *****
  • Its hard being me...but i do it just great.
Re: Rogue anti-virus software points to fake reviews
« Reply #6 on: March 13, 2009, 11:29:09 am »
I'm with you there i never had a problem that a format couldn't take care of .. even if it meant using partition magic or similar formater to do so instead of the o/s disc 1st
Sometimes a dirty disk will cause problems with formatting and a quick clean will sort them out ( as they are not used so often theycollect crap on the disk sometimes)
      

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Rogue anti-virus software points to fake reviews
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.009 seconds with 23 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!