
Fake security software in millions of computers - Symantec

 
UpInArms Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 06:18 PM
Original message
Fake security software in millions of computers - Symantec
Source: Reuters

WASHINGTON, Oct 19 (Reuters) - Tens of millions of U.S. computers are loaded with scam security software that their owners may have paid for but which only makes the machines more vulnerable, according to a new Symantec (SYMC.O) report on cybercrime.

Cyberthieves are increasingly planting fake security alerts that pop up when computer users access a legitimate website. The "alert" warns them of a virus and offers security software, sometimes for free and sometimes for a fee.

"Lots of times, in fact they're a conduit for attackers to take over your machine," said Vincent Weafer, Symantec's vice president for security response.

"They'll take your credit card information, any personal information you've entered there and they've got your machine," he said, referring to some rogue software's ability to rope a user's machine into a botnet, a network of machines taken over to send spam or worse.

Symantec found 250 varieties of scam security software with legitimate sounding names like Antivirus 2010 and SpywareGuard 2008, and about 43 million attempted downloads in one year but did not know how many of the attempted downloads succeeded, said Weafer.

"In terms of the number of people who potentially have this in their machines, it's tens of millions," Weafer said.

It was also impossible to tell how much cyberthieves made off with but "affiliates" acting as middlemen to convince people to download the software were believed to earn between 1 cent per download and 55 cents.

Read more: http://www.reuters.com/article/wtUSInvestingNews/idUSN1854926920091019
Printer Friendly | Permalink |  | Top
bemildred Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 06:28 PM
Response to Original message
1. Ubuntu.
(Or various other non-M$ operating systems.) This shit in the OP will not even run on a non-Windoze machine.
 
dave29 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 06:39 PM
Response to Reply #1
7. ah sweet ubuntu :)
I use it at work. Will probably throw it on my desktop at home also.
 
bemildred Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 06:43 PM
Response to Reply #7
8. Been using it as my main box for 10 months or so now.
Very secure and low maintenance. Unless you have "special needs", I see no reason not to switch.
 
elocs Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 07:13 PM
Response to Reply #7
12. I have Ubuntu on my old back-up pc that I had to replace the HD
and it wouldn't reinstall Windows. I haven't even looked at it in months because I really am spoiled by simplicity of Windows and I don't like to have to type in line commands. I could learn it but to tell the truth I don't have any motivation to do it since I haven't had any problem with Windows.
 
Born Free Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-22-09 02:59 PM
Response to Reply #12
46.  ? you can do everything via the mouse...
Edited on Thu Oct-22-09 03:01 PM by Born Free
>and it wouldn't reinstall Windows. I haven't even looked at it in months because
>I really am spoiled by simplicity of Windows and I don't like to have to
>type in line commands. I could learn it but to tell the truth I don't have any
>motivation to do it since I haven't had any problem with Windows.

you can do everything via the mouse...

However, as Ubuntu is different than windows you may have to click on a few different icons to find what you are looking to do. I do agree that if Windows
is working good for you then you should stay with Windows, at least that way you won't have to learn different icons/menus etc..

 
Regret My New Name Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Oct-23-09 12:30 PM
Response to Reply #12
53. With modern desktop linux systems, you can usually do everything with the GUI...
Of course when things go wrong, or if you're doing some more advanced stuff you might have to use the shell... but the same can be said for a windows machine too. One thing about linux, if you have a major problem with linux, you can usually fix it. Whereas with windows it's usually far more difficult to figure out what the hell is going on and fix it.
 
Regret My New Name Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Oct-23-09 12:25 PM
Response to Reply #1
52. give a 16 year old root access...
let's see how long your little toy linux machine stays running... ;)

In all seriousness though, most of the problems are with enduser education and skill level... I'm betting if you, bemildred, were running a modern MS OS, you personally wouldn't have fake security software installed. Why? Because you most likely know better.
 
bemildred Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-28-09 11:14 PM
Response to Reply #52
58. Why should I give a shit what 16 year olds with root access do to their machines?
Edited on Wed Oct-28-09 11:15 PM by bemildred
Is that the criteria for a good OS, that 16-year olds can't fuck it up?

Ubuntu does not allow root access by default, you have to be knowledgeable enough to create root access, on the command line, in order to use it.

Your ordinary Ubuntu user never needs to do that anyway, just like your ordinary Ubuntu user never needs to do anything on the command line.

Ubuntu does not have any "security software" because you don't need it.

And, Ubuntu is free.

I run Win98SE, WinXP, FreeBSD, and Ubuntu, at present. I have no bias against Windoze, as such, and I still miss DOS, but when there are less-painful alternatives, I see no reason not to use them. The main reason to use Windoze is because there is some particular application that you want enough to make paying Bill Gates yet more money worth it.

Windoze is to Computer OSes what Disneyland is to entertainment.
 
Pavulon Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 06:29 PM
Response to Original message
2. Unless you run...
System Version: Mac OS X 10.5.8 (9L31a)
Kernel Version: Darwin 9.8.0

or any other posix os.
 
davidwparker Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 06:31 PM
Response to Reply #2
3. just updated painlessly to 10.6 (Snow Leopard) this weekend
 
Pavulon Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 06:34 PM
Response to Reply #3
4. Have been waiting for a .1 release (old ms habit)
everyone says you get space BACK on the HD. That is a novel concept to me.
 
davidwparker Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 06:39 PM
Response to Reply #4
6. 10.6.1 is on my machine. after updating from the DVD, software updater
installed the .1

 
gmoney Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Oct-26-09 01:41 PM
Response to Reply #3
57. watch out for the "Guest Account" bug
 
geckosfeet Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 06:35 PM
Response to Original message
5. But Symantecs products are,,,, A-ok.
Edited on Tue Oct-20-09 06:37 PM by geckosfeet
Not that what they say isn't true, but people need to understand you get what you pay for. Unless you use your machine for the simplest browsing, free security software is simply not worth the risk.

Also, I may be cynical about this but IMO is Symantec trying to stampede people into buying their product. They lost a lot of market share because their product became an unusable resource pig. Now they are trying to scare people into buying their product by casting doubt on many legitimate (and superior) products.
 
EFerrari Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 07:04 PM
Response to Reply #5
10. I've run into some of this fakery.
A big ugly warning pops up on your screen and it mimics Symantec or other similars. One of those things probably put a trojan on my machine.

It's not that people download free stuff (although they do), it's that these deals are invasive and come looking for you.

And you're probably right. Symantec is exploiting the situation.
 
geckosfeet Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 07:54 PM
Response to Reply #10
18. I've seen it too. And it looks absolutely bogus. Part of the problem is that
many people simply don't know when they are being scammed and there is very little community policing for this type of thing.
 
EFerrari Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 07:59 PM
Response to Reply #18
20. It does look bogus when you stop and look at it, I agree. n/t
 
patrice Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 08:14 PM
Response to Reply #5
23. Hey, I had Norton 360 on this and that virus walked right through it. Cost me an OS
and a little over $200. to clean and I lost Office XP in the process.

Fuck Symantec.
 
patrice Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 08:17 PM
Response to Reply #23
24. AND I never clicked on any of their shit, the virus that is, it just kept right in there
blocking ALL access to the internet, demanding that I click on the Buy Now button, which I never did, but my computer was useless for the internet anyway.
 
Threedifferentones Donating Member (820 posts) Send PM | Profile | Ignore Wed Oct-21-09 05:21 PM
Response to Reply #24
38. One easy and simple tip is pay attention to what your cursor looks like.
Edited on Wed Oct-21-09 05:21 PM by Threedifferentones
If it is showing up as the little hand which clicks on links, rather than an arrow, when you go to X out of a window, that window is a scam. Do not click that X, as it is a part of the link designed to look like a way out. Close the window some other way, ie ctrl+alt+delete, alt+F4, or simply right click the tab at the bottom and select close.
 
defendandprotect Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-29-09 12:50 AM
Response to Reply #38
60. Thanks ...!!
 
FlaGranny Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-21-09 06:54 AM
Response to Reply #23
34. Never, ever click anywhere in one of
those popups. Clicking cancel or X actually installs them - so I discovered to my distress and went through similar problems as you a couple of years ago. If they pop up, immediately reboot, or at the least hit Ctrl+Alt+Del and close your browser.
 
katkat Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Oct-23-09 09:22 AM
Response to Reply #34
51. power off
That's what I did when this happened with the NYTimes.
 
defendandprotect Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-29-09 12:48 AM
Response to Reply #5
59. I had Symantec for years . . . and just asked for a refund . ..
they've become a large pain in the rear on my machine --

They refunded -- and it's still on my machine until I decide where to go?

Avast?

Not sure?

Was going to go consult the computer wizards here at DU . . . but have to

go to the Lounge to find the way!!

Soon . . .
 
Mosby Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-31-09 02:24 PM
Response to Reply #59
71. Try AVG - it's free
Edited on Sat Oct-31-09 02:38 PM by Mosby
http://free.avg.com/us-en/download-avg-anti-virus-free-edition

I've been using it for years after mcafee screwed me, works great.

I use Zone Alarm firewall, it's also free.

edit:

I ran across a great tip recently, you can check your AV protection very easily:

#1 Open Notepad and paste this string into it ( without double quotes )

"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
#2 Save it and as soon as you do your antivirus real time protection should be able to detect it. In case you have disabled the real time protection run a scan for this file.

This file is actually a dummy virus that simulates a virus; it is provided by EICAR for distribution as the “EICAR Standard Anti-Virus Test File”. The file is a legitimate DOS program, and produces sensible results when run (it prints the message “EICAR-STANDARD-ANTIVIRUS-TEST-FILE!”). You can read more on this at EICAR Antivirus Test File

http://www.technospot.net/blogs/how-to-check-if-your-antivirus-is-working/
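The antivirus check described in reply 71 above, as an added example that is not part of the original thread: it writes the EICAR test file, watches whether real-time protection reacts, and explains why a pasted copy can fail to trigger a scanner at all. The function names, the status strings and the `.com` suffix are assumptions made for this sketch.

```python
"""Added example: EICAR self-test for real-time antivirus protection."""
import os
import tempfile
import time

# The 68-byte EICAR test string, assembled from two halves so that this
# script is not itself quarantined when it is saved to disk.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

# EICAR's definition: the file must START with the string, may be followed
# only by whitespace (space, tab, CR, LF, Ctrl-Z), and must not exceed 128 bytes.
ALLOWED_TRAILING = b" \t\r\n\x1a"
MAX_LENGTH = 128


def diagnose(data: bytes) -> str:
    """Say whether `data` is a conforming test file, and if not, why.

    A scanner is only expected to flag a conforming file, so a paste that
    picked up curly quotes, a byte-order mark or an altered character can
    make working antivirus look broken.
    """
    idx = data.find(EICAR)
    if idx < 0:
        return "string_altered"      # a character was changed in transit
    if idx > 0:
        return "leading_bytes"       # e.g. an opening quote or a UTF-8 BOM
    if len(data) > MAX_LENGTH:
        return "too_long"
    if any(b not in ALLOWED_TRAILING for b in data[len(EICAR):]):
        return "bad_trailing"        # e.g. a closing quote after the string
    return "ok"


def probe_realtime_protection(directory=None, wait_seconds=3.0) -> str:
    """Write the test file and report how on-access scanning reacts."""
    fd, path = tempfile.mkstemp(suffix=".com", dir=directory)
    try:
        try:
            with os.fdopen(fd, "wb") as fh:
                fh.write(EICAR)
        except OSError:
            return "blocked_on_write"
        deadline = time.monotonic() + wait_seconds
        while time.monotonic() < deadline:
            if not os.path.exists(path):
                return "removed"             # quarantined or deleted
            try:
                with open(path, "rb") as fh:
                    if fh.read() != EICAR:
                        return "modified"    # neutralised in place
            except OSError:
                return "blocked_on_read"     # scanner denies access
            time.sleep(0.25)
        return "not_detected"
    finally:
        # Clean up if the scanner left the file alone.
        if os.path.exists(path):
            try:
                os.remove(path)
            except OSError:
                pass


if __name__ == "__main__":
    print("conformance of our own bytes:", diagnose(EICAR))
    print("real-time protection result :", probe_realtime_protection())
```

A result of `not_detected` means only that nothing reacted within the wait window; an on-demand scan of the folder is the follow-up the reply suggests.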
 
Grinchie Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 06:51 PM
Response to Original message
9. I run into these "Alerts" on occasion, and they are a real PITA.
First of all, I blame Microsoft developers for actually allowing the mechanisms these scripts to be included in their Browser Software.

A typical solution is to just Kill the task and be done with it, but most people would be led to believe that clicking a button would be appropriate, even though Microsoft allows Click-Jacking and other events to be delegated just about anywhere a miscreant desires.

Microsoft really blew it when they released a buggy, insecure Vista whose only basic security feature was a dialog box asking over and over again if you really want to start that program... In fricking credible.

I used to write software for the 32 bit windows platform, but at this point, it's just not worth it anymore. The deeper you get into the system the more crap turns up until you just realize that they haven't pruned any dead code since 16 bit windows 3.1.

Secondly, they've made the OS so opaque, running all sorts of undocumented services and dll's, it is a simple task for a trojan or virus to hide out in the system.

For all those here boasting that their alternate OS is secure, you are full of shit. You are equally vulnerable, and are sitting on top of just another pile of spaghetti that anybody can exploit if they so desire.

There are many people that have no desire to install and learn a new OS, or to replace all their existing applications, or that have gigs of data that would be inaccessible overnight. Unfortunately, the Computers of today haven't seen the efficiency and compatibility of a plain old printed book and its longevity for the past century.

 
pattmarty Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 07:09 PM
Response to Original message
11. Jeeeeeeeezzzzzz, ya think it's not promoting Nortons???
 
LTR Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 07:17 PM
Response to Original message
13. From the makers of Norton, the biggest virus on the planet
Last time I used the dreaded Norton was the 2003 edition. Hogged system resources, expired after a year, was a pain in the ass to remove, was heavily intrusive, conflicted with other antivirus/firewall software, and installed many instances of itself on my system. All the time hounding me for a 'subscription' fee.

This after charging $50 or so for the damned program from the get-go!

Yep, sounds like a virus to me!

I always recommend Avast or AVG. Both do the job, and do it well. No bullshit. And both are free, unlike that overpriced POS Norton.
 
robo50 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 07:38 PM
Response to Reply #13
16. Yes, I use Avast on 4 computers, and it works just fine, updates well
and actually does the job, catches all sorts of stuff. And free is nice, too.

Avast! Don't trust me, look at CNET for a review.

"Avast Home Edition 4.6 - Free software downloads and software ...

Review by CNET Staff
Come to CNET Download.com for free and safe Avast Home Edition 4.6 downloads. This impressive software provides the same steadfast protection of well-known ..."

http://download.cnet.com/Avast-Home-Edition-Free-Antivirus/3000-2239_4-10019223.html
 
blue sky at night Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 07:52 PM
Response to Reply #13
17. Avast is really a good deal...
it works great, updates all the time and is free if you use the home edition.
 
Canuckistanian Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 08:01 PM
Response to Reply #13
21. I use Avast. It's great.
Even AVG self-destructed on me one day after a major upgrade.

Avast is unobtrusive, updates itself with little fuss and it WORKS. It surprises me sometimes with the little things it catches.
 
ikri Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-22-09 01:33 PM
Response to Reply #13
43. No Kidding
Norton used to be superb years ago but since Symantec bought them out they've gone steadily down hill. The AV software is a massive resource hog, trying to do everything all at once and only managing to do it all really badly.

I've only ever seen recent installs of Norton on OEM PCs (Dell, HP, etc.), I know of not one person who has installed it themselves. The only reason I ever get to see PCs with Norton on is because despite people paying for Symantec's ransomware (pay us for your anti-virus updates or the PC gets it!) they've still managed to get infected by a virus. Every time I've installed Avast! or AVG and they've had no issues since.
 
defendandprotect Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-29-09 12:53 AM
Response to Reply #13
61. Heard lots about Avast and familiar with AVG . . .
Edited on Thu Oct-29-09 12:57 AM by defendandprotect
tried AVG a long time ago on recommendation and it was originally just a tight

system to work with and didn't seem to be loosening up.

Probably my fault?

I still have Symantec on my machine tho I have a refund on it --

I have to move on to either Avast or AVG soon --

Thanks for info --

:)


PS: If you happen to know .... is the only way to get your registry and other errors
and crap cleaned up with a pay system? I also have Malwarebytes on my computer.
But Google Chrome Care runs and it keeps telling me I have stuff that needs to be
cleaned up and they ask you to join a pay program?

 
Mithreal Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 07:20 PM
Response to Original message
14. Why not use avast? It's free for home users.
 
HomerRamone Donating Member (460 posts) Send PM | Profile | Ignore Tue Oct-20-09 07:24 PM
Response to Reply #14
15. I've happily used Avast anti-virus for years
and Advanced System Care 3 does a great job cleaning up spyware, junk files, etc for free...
 
Turbineguy Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-21-09 08:58 AM
Response to Reply #15
35. +1
And Spybot S&D and Spyware Blaster and Malwarebytes....

You can't be too paranoid.
 
defendandprotect Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-29-09 01:04 AM
Response to Reply #15
62. Thank you ... trying it right now . .. Advanced System Care 3 . . .
and will probably move to Avast tomorrow --

have to get Symantec out of my machine --

got a refund on it --

what a pain!!!

 
Mythbuster Donating Member (269 posts) Send PM | Profile | Ignore Tue Oct-20-09 07:58 PM
Response to Original message
19. I like my current virus protection best of all I've tried.
I am using ESET NOD32, and it works very well. Hides in the background and updates itself several times daily if needed.

 
TroubleMan Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 09:28 PM
Response to Reply #19
28. That's what I use, too.

It's great. Very easy on the memory use, too.
 
defendandprotect Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-29-09 01:05 AM
Response to Reply #28
63. Is it a pay system . .. how much?
 
evilkumquat Donating Member (363 posts) Send PM | Profile | Ignore Tue Oct-20-09 08:14 PM
Response to Original message
22. I Spent the Last Two Days Working on Infected Systems
One forced me to reinstall the registry (always fun on a computer running a RAID array and a non-streamed version of XP).

Luckily, the other just required running Malwarebytes Anti-Malware (free) software

I plan on swearing by that product now. Not only did it get rid of the infection, but it also fixed the corrupted active desktop and task manager on both systems.
 
patrice Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 08:20 PM
Response to Reply #22
25. You need to give Geek Squad a tip. They couldn't fix without fucking the registry.
Had to reinstall Windows.
 
TroubleMan Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 09:30 PM
Response to Reply #22
29. Did you try Combofix?

In those situations Combofix seems to work for me. It will at least get rid of the really dug in ones, so you can finish them off for good.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix



 
lady lib Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 08:26 PM
Response to Original message
26. My wonderful Spybot program detected one of these malware scams
and helped me remove it. Thank you, Spybot!
 
defendandprotect Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-29-09 01:09 AM
Response to Reply #26
65. Is Spybot a pay system . . .? How much?
 
EFerrari Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-29-09 01:57 AM
Response to Reply #65
66. No, it's shareware. nt
 
defendandprotect Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Oct-30-09 10:21 PM
Response to Reply #66
68. Thank you --
 
EFerrari Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Oct-30-09 10:34 PM
Response to Reply #68
69. I use it and love it too.
:hi:
 
mainer Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 08:32 PM
Response to Original message
27. How do you know it's a fake? How do I know when to ignore?
For instance, I get periodic update alerts from Symantec -- how do I know they're legitimate? Sometimes it's impossible to tell when something's a scam.
 
MindPilot Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-21-09 09:26 AM
Response to Reply #27
37. The easiest way is to ignore them all.
And go to Symantec's website for your update.

After you've seen a few of them the fakes are easy to spot; they sound desperate and breathless, giving specific IP address or actual counts of "infected" files, and the big clue: They often have spelling and grammatical errors.
 
appleannie1 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 11:03 PM
Response to Original message
30. I got one of those pop ups and immediately closed it. I don't want anything
on my computer that I am not fully aware of the content. I trust Symantec.
 
DallasNE Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 11:34 PM
Response to Original message
31. I've Seen This 2-3 Times So Far
When it happens, immediately restart your computer. A reboot gets rid of the problem until the next time and you go through another restart/reboot. I don't know why McAfee doesn't catch this.
 
Piewhacket Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-20-09 11:44 PM
Response to Original message
32. Solutions/Some answers here.
I got hit two weeks ago, and I run a tight ship. I still don't know who or how
they got to me - musta let my guard down for a sec in the wrong place, but these fkers
are quite sophisticated and the malware is real nasty.
a malevolent free floating vaporous phantasm class 4 at least. nasty critter.
where are the ghostbusters when you need them?

So what did it do? Among others things it set up porn site shortcuts (real, but IMO a diversion)
and started generating popups that looked very convincingly like windows firewall alerts showing windows
firewall was ON. I knew it was phoney because (a) the only functioning control was a link to a supposed
antispyware software site and (b) i DONT USE windows firewall, hello! (i use zone alarm).
bwahahahaha. missed me!
but otherwise very convincing. The link was for a seemingly legit antispyware vendor, which promised
to clean the machine of the virus, etc, etc submit your credit info here please. DONT DO IT.

This was a nasty bit of virusing, and I'm not going to get into details, but even sophisticated moi
soon tired of sleuthing around the nasty twists and turns of this little mother and decided to
implement plan B.

Plan B involves reloading the operating system with a clean copy of configured windows. It took a total
of 12 minutes and I was up and running, virus free. You don't have such a thing? Awww... I am sorry, you'll
have to reload windows from scratch, then reinstall all your software, tweak all your favorite settings,
etc etc for the two weeks it takes you to get everything back the way you like it.

You Vista owners have some special problems, but XP folks can use Acronis, a backup program (Norton Ghost
also works). Save as much data from your contaminated system as you can using an external drive. Wipe
your system disk and reload XP from scratch. Set up the firewall, I use (free version) zonealarm, but whatever.

Update to SP3 from Microsoft site. Add software, printer drivers, etc and tweak the configuration for a few
days while resisting the temptation to wander around on the net. Got it? It's the last time you'll have to
do it. Now use Acronis (Ghost) to make an image of your operating system. For XP it will be under 4 GB
(Vista is over 20 GB, gag!).

Store it on DVD. You are covered against viruses. Yea! Well, actually what you are is ready to reload
the OS if you are hit. Takes about 10 minutes to recover if you think you've been virused. Or just reload every month!
but PLEASE remember to back up and restore your old data!

PS I do recommend you use a router (wireless or not as desired) and set up a firewall on each computer.
This configuration is pretty secure so long as you practice safe computing. (ie don't open that attachment
from "You is won!" email, fool).


This won't protect you against viruses, but it is an effective response if you are hit.
You can get and use legitimate antispyware for detection ( I don't use it, been hit once in 10 years), I do
use free ClamWin AV but never found a virus with it in 5 years. Just practice safe computing, and reload the OS
if you are hit (with malware).

tips from a pro. enjoy.
 
truebrit71 Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-22-09 02:35 PM
Response to Reply #32
45. I got nobled with that a few months ago..used a free self-help website to clean it up..
..works like a charm now...

www.cybertechhelp.com was the site i used...free to all, but donations gratefully accepted...for a computer illiterate like myself that website has saved my bacon more than a few times..
 
Blue_Tires Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-22-09 03:51 PM
Response to Reply #32
48. thanks for this....
 
snagglepuss Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-21-09 01:49 AM
Response to Original message
33. K and R
Edited on Wed Oct-21-09 01:49 AM by snagglepuss
 
MindPilot Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-21-09 09:21 AM
Response to Original message
36. I dealt with these quite frequently at work
And work is where you don't really get to decide to use a less vulnerable operating system or a more robust firewall. In many cases you're even locked into a single version of Windows because that's what shipped on that particular machine.

The ONLY thing I have ever found that will effectively get rid of that fake alert shit is Malwarebytes. It is free for personal use from malwarebytes.org. Be sure to update it before you run it and I also recommend deleting your temporary Internet files first because a) that is where most of that crap lives, and b) it will speed up the scan.
 
rickford66 Donating Member (46 posts) Send PM | Profile | Ignore Thu Oct-22-09 08:04 AM
Response to Reply #36
41. Just a comment about Malwarebyte
Just a comment about Malwarebyte, yes it will get rid of the fake security software, IF you can install it. The virus I had not only bypassed our regular security system, it prevented the installation of Malwarebyte. That's why we did a system restore which worked. The good news is what I found out about XP. In safe mode, I was still able to access our network and the Internets.
 
Terry in Austin Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-22-09 05:50 PM
Response to Reply #41
49. Getting Malwarebyte to work (XP)
De-install Malwarebyte if you already have it
Boot up in safe mode, w/ network option (tap F8 key repeatedly while booting)
Go to CNet and download a fresh copy of Malwarebyte
Install it and then rename it
Run it -- you should get a lot more malware hits than when you ran it "regular."

 
rickford66 Donating Member (46 posts) Send PM | Profile | Ignore Mon Oct-26-09 08:30 AM
Response to Reply #49
54. Re: Malwarebyte
We did this several times. During installation a file can't be found. Why bother with all this nonsense. Just do a system restore. Then you can install Malwarebyte without problems.
 
Babyserendip Donating Member (53 posts) Send PM | Profile | Ignore Wed Oct-21-09 05:31 PM
Response to Original message
39. Now we need a security man to watch the security man......open source is the future....everything.
 
rickford66 Donating Member (46 posts) Send PM | Profile | Ignore Wed Oct-21-09 05:34 PM
Response to Original message
40. try a system restore
It got my PC with XP here at work. Nothing would get rid of it, so the IT guy did a system restore to the day prior to the infection. Got rid of it without loss of any data.

TrogL Donating Member (1000+ posts) Thu Oct-22-09 01:33 PM
Response to Original message
42. Yeah, it's called McAfee

L. Coyote Donating Member (1000+ posts) Thu Oct-22-09 03:23 PM
Response to Reply #42
47. McAfee is GREAT, at least the real McAfee is. No one has gotten past mine.
Of course, start from the trusted domain or the retail box!

nc4bo Donating Member (1000+ posts) Thu Oct-22-09 02:04 PM
Response to Original message
44. Nothing a little Fdisk can't cure. It's easy, breezy and will have you on your way in no time. nt

meow2u3 Donating Member (1000+ posts) Fri Oct-23-09 07:59 AM
Response to Original message
50. I have Spybot-Search & Destroy on my system
I use the "immunize" feature on the program to prevent such fake security software from being downloaded onto my system. Spybot is free and effective against such cyberattacks; you just have to remember to update it at least once a week.

http://www.safer-networking.org/en/download/

mvd Donating Member (1000+ posts) Mon Oct-26-09 09:06 AM
Response to Original message
55. To combat this and other threats, I currently use:
Avast free, Prevx Edge, and PC Tools Firewall Plus. Along with a router, Firefox with NoScript, KeyScrambler Free, and Malwarebytes on demand. I believe in layered protection.

Here are some of the positives/negatives of each AV:

Antivir -

Positives: high detection, free version available, not heavy on the system
Negatives: update problems reported in free version, false positives a little high


Avast -

Positives: good detection, free version available, Web Scanner is fast
Negatives: no behavior blocker yet

AVG -

Positives: free version available, low system impact
Negatives: detection is subpar in my experience

BitDefender -

Positives: good detection
Negatives: a bit heavy on the system

Comodo -

Positives: free
Negatives: improving but still not very good detection; company has trust issues with the certificates controversy, inclusion of Ask Toolbar (it is opt out), and deceptive and aggressive marketing. See Calendar Of Updates forum:

http://www.calendarofupdates.com/updates/index.php?showtopic=19279&st=0&gopid=80552&#entry80552

Kaspersky -

Positives: good detection; frequent updates
Negatives: detection has gone down in recent tests (including AV Comparatives), heavy on the system, the founder's views on internet anonymity

McAfee -

Positives: Artemis has been successful in increasing detection by a lot
Negatives: not many new features added year to year; database updates could be more frequent

NOD32 -

Positives: good heuristics, consistent in Virus Bulletin tests, good detection
Negatives: AV has gotten a little heavier, company has "on priority basis" detection policy

Norton -

Positives: AV is lighter than it once was; good detection in tests; pulse updates
Negatives: they don't seem to be the fastest in adding detection for new malware; expensive

Panda -

Positives: in the cloud technology added
Negatives: hasn't been tested by AV Comparatives and there's not a lot of testing to go by in general; expensive

Trend Micro -

Positives: unconditional money back guarantee
Negatives: doesn't seem to be keeping pace in detection


mvd Donating Member (1000+ posts) Mon Oct-26-09 09:30 AM
Response to Reply #55
56. Forgot to add Microsoft Security Essentials
Positives: free, probably decent detection
Negatives: performance in AV Comparatives was disappointing; I prefer using an AV separate from the maker of the operating system I'm using (especially one that has had many security holes)

DainBramaged Donating Member (1000+ posts) Thu Oct-29-09 01:06 AM
Response to Original message
64. As usual, the open source preachers begin their proselytizing and Windows bashing
while we on the Windows side are expected to remain quiet.

One question sports fans, if your software is so good (and easy to install), why hasn't corporate America, the school systems and health care providers adopted it?

bitchkitty Donating Member (1000+ posts) Thu Oct-29-09 03:26 AM
Response to Reply #64
67. They haven't adopted it because they
probably believe that if something is free/open source, it's not as good as paid software.

Cleobulus Donating Member (1000+ posts) Sat Oct-31-09 06:11 AM
Response to Reply #64
70. Uhm, Corporate America does use it, so do many schools...
Especially LAMP (Linux, Apache, MySQL, Perl) setups. You are using Linux right now, and probably don't even know it, DU uses it.