New fake antivirus accepts SMS payments

There's a new twist with some fake antivirus scareware that has cropped up. It accepts payment via SMS, according to antivirus firm CyberDefender.

Typical rogue security programs infect the system first, then display pop ups warning that the computer is infected, and request payment to clean it up. The new programs are seemingly more genteel, asking for the money before the program is installed and infects the system, said Achal Khetarpal, threat research director at CyberDefender. Of course, a payment does nothing to "fix" a system and means criminals now have your money and possibly your credit card information.

When a potential victim happens upon a Web site hosting the malware, a dialog box pops up that looks very much like an installer window for a legitimate antivirus product, according to screenshots from CyberDefender. It says "Welcome to" and names a popular antivirus software and suggests closing other applications. If the victim falls for the ruse, it then displays a message that says "To complete installation, you must go through activation" and offers several ways to pay, including SMS (Short Message Service), WebMoney, and credit card.

If you click "cancel", the program won't install, compared with typical fake antivirus programs that have already infected the system by the time the victim realizes what is happening and keep displaying the annoying pop-up messages, even after reboot, Khetarpal said.

The company has seen five versions of the rogue security programs masquerading as software from Avast, Norton, McAfee, BitDefender, and RootKitBuster, and they, as usual, target Windows systems.

Khetarpal could not say how widespread the malware is but said he has seen it in a "lot of Web sites" and in relation to search results for popular and trending topics.

Fake AV scammers aren't the only ones to hop on the SMS payment bandwagon. Scammers were found to be seeking payment by SMS for fake browser updates earlier this year, according to GFI Labs.

Kaspersky Lab warns of fake trial resetter app

Kaspersky Lab, a developer of secure content and threat management solutions, is warning users of key generators and software cracks that can steal information from computers.

The malware, identified as Trojan-PSW.MIL.Agent.wx, disguises itself as a Kaspersky Trial Resetter, which is used to reset a software evaluation period that has expired.

Instead of extending the evaluation period of a legitimate software, it steals information from the infected computer -- from passwords saved in a web browser to other installed applications.

Kaspersky Lab said Microsoft's Internet Explorer is the browser most targeted by the virus, followed by Mozilla Firefox, Google Chrome and Opera.

The Trojan has so far stolen information from MSN accounts (400), Ebay accounts (175), Facebook accounts (169) and ICQ accounts (116), the company said.

"I hope these statistics will convince you that downloading pirated software is not a good idea," said Kaspersky Lab security expert Nicolas Brulez.

He added, "Users who thought they were downloading a crack for a security solution ended up being infected. It's also clear that saving your passwords within your browser isn't the best idea."

According to Brunez, a total of 1,109 computers -- or an average of 48 a day -- have been infected in 23 days. The malware was reportedly created on January 31 this year and was detected on February 6.

Germany is said to have the most number of infections at 29%, followed by Holland (11%), France (3%), Poland and United Kingdom (1% each). The remaining 55% are spread out across the globe, Kaspersky Lab said.

New way removing virus from a computer

Step by step instructions to get rid of viruses:

STEP 1:what I did is that i created a secondary account on my computer for backup plan if my main account is infected badly were the antivirus program wont come up and get rid of the virus.
STEP 2:hold the power button on your computer until it turns off. let it sit for a minute or two. turn it back on and log in when the log in screen comes up. click on the antivirus program that you bought. if your antivirus program doesnt come up and you tried everything. then log off or shutdown your computer and use your secondary
account you created.
STEP 3: go to the control panel on your seconary account and click on USER ACCOUNTS AND FAMILY SAFETY. then go to ADD OR REMOVE USER ACCOUNTS after that then click on the user account and then click on delete user account. it will get rid of the account. ONLY DO THIS IF YOU HAVE TOO.

Norton 360 5.0: Social Networking Security

Things have come a long way since the days of the early antivirus software. Just developing an antivirus these days isn’t considered good enough, so internet security suites were born which cover everything from viruses to spam to malware.
Norton 360 was born out of a need for a simplistic security solution for the layman. The latest revision of the popular suite Norton 360, 5.0 was launched earlier this month.

User Interface
Norton 360 5.0 installation is simpler than most other antivirus and security suites. On first impressions, the new Norton 360 5.0 doesn’t look a lot different than the previous versions except for the Verisign logo on the left bottom of the UI.The broad features of the suite are PC Security, Identity Protection, Backup and PC Tuneup.

Trend Micro acquires Mobile Armor

Mobile Armor now to be called as Trend Micro Endpoint Encryption offering
Trend Micro, a provider of Internet content security, has completed the acquisition of Mobile Armor on 1 February 2011.
The acquisition is a part of Trend Micro's data protection portfolio extending encryption offerings in the cloud. The agreement was announced on 29 November 2010.
Mobile Armor Data Armor Suite has now changed to Trend micro Endpoint Encryption offering after the acquisition.
The product is now a centrally managed encryption offering that includes full disk and file/folder capability, delivers software-based encryption and support for self-encrypting drives, and covers PCs, Windows Smartphones and Removable Media, said the company.
Trend Micro chief product officer Steve Quane said they are pleased to complete the acquisition of Mobile Armor and welcome new employees, partners and customers to the Trend Micro family.
"Trend Micro is helping government agencies, enterprise customers, SMBs and consumers around the globe protect their data whether stored on a local PC or mobile device or in a virtualized environment or public cloud," Quane said.
http://us.trendmicro.com/us/partners/strategic-partners/mobile-armor/

Fraud Theft by Rouge Anti-Virus Software

Fraud theft has many faces – none of which are pretty – but perhaps the most insidious is that of Rouge Anti-Virus Software scams.

One of the newest virus threats online comes to your computer as a true “wolf wrapped in sheep’s clothing.” System Tool 2011, and other such malware, is being e-mailed to computers all over the world, causing damage and bilking its victims out of hundreds of dollars.

The Scam

Unless you work, live, and breathe for computers, you probably aren’t familiar with online theft information regarding the term “rogue” anti-virus software until you become a victim. This is not optimal way to learn about the deleterious effects it can have on your computer and bank accounts.

Rogue anti-virus software is spread over the Internet the same way other viruses are: in e-mail attachments, as a part of a shareware software bundle all with the help of a Trojan. (Trojans are software packets that sneak inside your hard drive hiding within another download, much the same way the actual warriors hid inside the horse.) One of the most successful, and most damaging, of these rogue anit-virus programs is System Tool (also known as systemtool and System Tool 2011).

Rogue anti-viruses have no affinity for malware, Trojan, or other harmful programs’ removal because they are in and of themselves malware. Their real and only purpose is theft fraud by capturing your credit card information under false pretenses. This qualifies rogue virus software as identity fraud theft scams at their finest.

How it Works

Once inside your computer, System Tool, or any other rouge anti-virus program, springs into action without your knowledge or consent. It self-installs and plants its malignant files deep within your registry. It sets itself to begin on your computer’s start up.

The next time you turn on your computer you will be greeted with a legitimate-looking scan results screen listing the many programs System Tool has detected within your computer. The list is fake – a scare tactic to motivate you to click the removal button option.

Once you click the remove button, a message will prompt to you to activate your account or subscription. To do this you need to pay for a one, two, or lifetime subscription option. To keep you motivated, new messages are popping up all the while proclaiming new infestations, infected files, and other damages needing repair.

Don’t fall for it. The messages are fake. The infections are fake. The computer scan results are also fake. They are all part of System Tool’s design to entice you to impart of your credit card information willingly. This program is a virus itself, so it will not do anything but mess up your computer and then take your money and run.

Recovery

First off, if you have paid for System Tool (now that you are wiser), call your credit card company and dispute the charges.

The next step is getting it off of your computer. This can be tricky because part of the programming is aimed at keeping itself alive inside your hard drive by blocking attempts to remove it. Legitimate virus removal software does not always recognize and remove it because the malware looks like real anti-virus software.

To be certain you are rid of System Tool, you will most likely need the help of an experienced computer wiz, a visit from the Geek Squad, or someone similarly qualified.

The process of starting the computer in safe mode and sifting through real system files from fake ones will be simple for them but difficult and dangerous for a novice.

Malware Posing as Fake Desktop Utilities Instead of Phony Antivirus

In the past two months, fake anti-virus scareware has morphed into variants pretending to be generic security products, disk utilities and the trusty defrag tool, according to researchers.

Recently, researchers at GFI Software have noticed an increase in the number of fake security software scams purporting to be disk utilities that fix disk errors. Instead of listing Trojans, these security alerts pretends to find disk fragmentation or file system integrity problems.

“Fake AV authors have added a new branch to their rogueware business,” Desai said. He expects to see more variants of both fake anti-virus and utilities in the coming months.

The rogue products initially looked like a generic security product, addressing a range of system issues with names like HDDDDiagnostic, PCoptomizer and Privacy Corrector, according to GFI. Since then, there’ve been a series of “defragger clones” with names like UltraDefragger and ScanDisk that claim to find read/write errors on the hard disk drive, according to the blog.

The fake disk defrag and scanning utilities started showing up in mid-October, according to Deepen Desai, senior researcher from SonicWALL’s threats team. He noted that new variants are often “A/V resistant” because legitimate security products may not be able to immediately identify the files as fake. Rand Abrams, director of technical education at ESET said these variants are “not yet as popular as they will become.”

Scareware refers to software that displays legitimate looking pop-up windows and dialog boxes claiming serious problems with the user’s computer. Often posing as anti-virus or anti-spyware software, the messages list several malware infections and scare the user into purchasing anti-virus software immediately to fix the problem. Some known variants mimic Microsoft Security Essentials or McAfee, while others have real-sounding names such as Security Tools or Pest Detector.

Fake utilities are generally marketed differently from fake A/V, said Larsen. The potential victim is generally already searching for a disk utility or trying to resolve an issue when the scammer says, “’Here’s what you were searching for,’ and hand them a malware payload instead,” said Larsen.

Users should be wary of any error messages coming from software they didn’t install, and should not purchase or install any software that suggests downgrading the Web browser to an older version, according to GFI Software’s researchers.

There are even some variants that detect legitimate anti-virus software and prompt users to uninstall it, according to Sophos researcher Chester Wisniewski.