Friday, August 20, 2010

“Virus Fools People Into Uninstalling Their Antivirus Software” plus 1 more



Virus Fools People Into Uninstalling Their Antivirus Software

Posted: 19 Aug 2010 04:23 PM PDT

In a press release issued today, Symantec warns that the AnVi Antivirus will give users a pop-up telling them that there is a problem with their current antivirus software, then encourage them to remove it immediately. The virus will display this cheeky little message:

"Uncertified [program name] antivirus software detected on your computer. You need to remove {antivirus name} software for correct operation of the Antivirus.

Attention: If you don`t remove [program name] software, the performance of your computer will dramatically degrade.

Press "OK" to remove the [program name]"

Whether or not the user hits the OK button, the virus will begin the uninstall process for the antivirus software on the computer.

Once the legitimate antivirus software has been removed, the program connects to a website and begins to download its own anti-antivirus program, which will then gleefully wreak havoc on your system. The fake antivirus software then attempts to convince you that your system is seconds away from exploding due to the terrible and incredible amount of malware on your system, all of which is, of course, fabricated. It then, inevitably, asks for money to help you rid your computer of these potentially disastrous infections.

The AnVi Antivirus can be picked up either through a download, or as a Trojan. Once it is active, it can hijack a web browser, further infect your computer and disable various security protocols. The one thing it will not do is help your computer.

Symantec has issued ways to get rid of the virus on their official help forums. The virus targets several antivirus programs including Microsoft, AVG, Spyware Doctor, Zone Labs and Norton.


Scareware Tricks Users Into Removing Antivirus Software

Posted: 19 Aug 2010 10:58 AM PDT


Version of the widespread "retrovirus" CoreGuard Antivirus, called AnVi Antivirus, aims for many well-known AV programs, warns Symantec.



Symantec Wednesday issued a warning about AnVi Antivirus, a new "retrovirus," aka anti-antivirus, designed to kill legitimate antivirus software. AnVi Antivirus is part of a social engineering attack designed to trick users into getting rid of antivirus products from such software vendors as AVG, Spyware Doctor, Symantec, Microsoft, and Zone Labs.

The trick up the software's sleeve is that it actually uses legitimate antivirus programs' own uninstallers to get users to uninstall the software.

In particular, if a user executes a malicious file -- generally dubbed Trojan.FakeAV by Symantec -- it launches a system-level popup window warning them that their currently installed antivirus product isn't certified and is compromising system performance, and should be uninstalled. Regardless of whether a user clicks "ok" or simply closes the window manually, AnVi then launches the legitimate antivirus software's uninstaller. At that point, a user would need to click the actual "uninstall" button for the software to be removed.

Interestingly, the malicious file -- which may be installed by malware, drive-by downloading, visiting fake antivirus websites, or come bundled with other software -- actually searches out currently installed antivirus software in the Windows registry subkey, then "launches the uninstaller for certain legitimate antivirus software," said Symantec.

At the same time, the malicious file attempts to download AnVi Antivirus, a new clone of retrovirus CoreGuardAntivirus2009, not to be confused with the Vormetric technology of the same name. Once activated, "the program reports false or exaggerated system security threats on the computer," said Symantec. "The user is then prompted to pay for a full license of the application in order to remove the threats."

However, the fake antivirus program itself is the threat, and provides no antivirus functionality.
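The behaviour described above, a legitimate antivirus uninstaller being started by an unrelated program, can be flagged from process-creation logs. The following is an added example, not code from Symantec or the original article; the event field names, the parent allowlist and every file path in it are assumptions constructed for illustration.

```python
import ntpath
import re

# Keywords for vendors the article names ("Microsoft" alone is too broad for
# a substring match and is left out). Every path below is constructed.
AV_KEYWORDS = ("avg", "spyware doctor", "norton", "symantec", "zone labs")
UNINSTALL_RE = re.compile(r"uninst|msiexec.*\s/x\b")
# Assumed allowlist: parents expected to start an uninstaller, mapped to the
# directory each must run from (rejects a look-alike explorer.exe in Temp).
TRUSTED_PARENTS = {
    "explorer.exe": r"c:\windows",
    "msiexec.exe": r"c:\windows\system32",
}

def is_av_uninstall(event):
    """True if the new process looks like a security product's uninstaller."""
    text = (event["image"] + " " + event["command_line"]).lower()
    return bool(UNINSTALL_RE.search(text)) and any(k in text for k in AV_KEYWORDS)

def parent_is_trusted(event):
    """True if the parent is an allowlisted name in its expected directory."""
    directory, name = ntpath.split(event["parent_image"].lower())
    return TRUSTED_PARENTS.get(name) == directory

def suspicious_uninstalls(events):
    """Return AV-uninstaller launches that did not come from a trusted parent."""
    return [e for e in events if is_av_uninstall(e) and not parent_is_trusted(e)]

TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_EVENTS = [  # constructed process-creation records
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Norton Example\uninst.exe", "command_line": ""},
    {"parent_image": TEMP + r"\setup_codec.exe",
     "image": r"C:\Program Files\AVG Example\avg_uninst.exe", "command_line": "/s"},
    {"parent_image": TEMP + r"\explorer.exe",
     "image": r"C:\Program Files\Zone Labs Example\uninstall.exe", "command_line": ""},
    {"parent_image": TEMP + r"\setup_codec.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r'msiexec.exe /x "C:\Program Files\Spyware Doctor Example\setup.msi"'},
    {"parent_image": TEMP + r"\setup_codec.exe",
     "image": r"C:\Windows\notepad.exe", "command_line": "readme.txt"},
]

if __name__ == "__main__":
    for hit in suspicious_uninstalls(SAMPLE_EVENTS):
        print("ALERT:", hit["parent_image"], "->", hit["image"])
```

The uninstall started from the Windows shell passes, while the three started from the Temp directory are reported, including the one whose parent only borrows the name explorer.exe.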



