Data Doctor 2010 will make you sick

Data Doctor 2010 is an encryption trojan that comes via our old “friends” iframedollars. If you’re unfortunate enough to be victimized by it, it encrypts the files on your hard drive very rapidly. It arrives through drive-by downloads from malicious web sites and is also packaged with other malware. The victim receives a message that the system is shutting down due to “Unrecognized disk driver command.” ...

December 19, 2009 · 1 min · 166 words · Omid Farhang

Microsoft privacy portal a target of rogue security software

Earlier in 2009, the Microsoft privacy homepage became the target of rogue security software developers looking to make a fast buck. The developers of the rogue security application known as “Privacy Center” even went so far as to include a link to Microsoft to trick users into thinking the rogue is a Microsoft product. Trojan:Win32/PrivacyCenter is a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. ...

December 19, 2009 · 2 min · 249 words · Omid Farhang

FBI: Fraudsters earned $150 million in rogue AV scams

For the first time, the FBI has issued a public warning about the threat of rogue anti-virus software, which the agency said has resulted in more than $150 million in losses to victims. In an intelligence note posted Friday on the website of the Internet Crime Complaint Center, the FBI said users should be on the lookout for pop-up advertisements masking as legitimate-looking AV software, known as “rogueware” or “scareware.” ...

December 18, 2009 · 2 min · 350 words · Omid Farhang

WiniGuard clones are coming thick and fast

Another clone of the WiniGuard family, SysDefence, went live about 3 hours ago. They’re flying off the conveyor belt today. The GUI is identical to TheDefend except for the name.

December 18, 2009 · 1 min · 28 words · Omid Farhang

Like clockwork: the next member of the WiniGuard rogue family appears

I blogged about the three generations of the WiniGuard family of rogue security products that began in October of 2008. Friday, the 50th rogue in that line appeared. Analyst Patrick Jordan noted that there appeared to be a newly named clone added to the “genealogy” about every 48 hours. He’s been right. Monday they found GuardPCS and today they found TheDefender. Its associated web site was registered Dec. 4. ...

December 16, 2009 · 1 min · 162 words · Omid Farhang

10 million people will you computers are perfectly safe

New rogue borrows massively from AV company sites

Our friend M.N. Bharath drew our attention to this web site associated with the new System Adware Scanner 2010 rogue security product. Although the group claims 10 million users world-wide, oddly enough their site was only registered Nov. 25. It seems they also have recruited the entire management team from AVG anti-virus company as well. Right! Compare the names on the Smart Systems Technologies rogue page. http://sysadscanner.com/about.php ...

December 15, 2009 · 1 min · 93 words · Omid Farhang

The biggest rogue family

The third generation of WiniGuard gets a new clone every 48 hours

A new rogue security product called IGuardPC is the 50th clone of the WiniGuard family of rogue security products. That makes WiniGuard the largest rogue family ever. The WiniGuard family began in September of 2008. The operators behind it have added variants that have been sorted into three generations. The latest generation gets a new clone about every 48 hours to stay ahead of public awareness and anti-malware detections. ...

December 15, 2009 · 2 min · 285 words · Omid Farhang

Never judge a book by its cover nor a Web site by its pages

Case in point: findproper[dot]org

These are the types of sites that are used to download from third party affiliate sites. If the setup.exe had run, it would have installed the AntiMalware rogue.

December 15, 2009 · 1 min · 37 words · Omid Farhang

Tiger still hot stuff

Despite talk of Tiger Woods’ sponsors “limiting his role” in their advertising campaigns, he is still very much hot stuff when it comes to search engine queries, which means he’s still a viable target for the malware writers. We can see that Tiger Woods-related searches are still being poisoned with malicious results using Search Engine Optimisation techniques: This leads to the familiar: ...

December 14, 2009 · 1 min · 73 words · Omid Farhang

Rebranded rogue claims to be McAfee Secure certified

Internet Security 2010 is a rebranded clone of Advanced Virus Remover, a rogue security product. It’s one of your run-of-the-mill rogues, using run-of-the-mill scare tactics, except its payment screen contains a static graphic that imitates the McAfee Secure certification. A real “McAfee Secure” certification is a DAILY certification; it contains the date and its logo should look like this: ...

December 11, 2009 · 1 min · 143 words · Omid Farhang