A DANGEROUS new variant of malware is attacking PCs in the UK, the INQ has discovered. It hijacks the victim's browser and directs them to a fake site masquerading as AVG's own front page.
THE URL which the INQ has discovered is http://0fficial-page-com/AVG1. [Note that it uses a zero not a capital 'o'.] Don't be fooled.
According to Rick Ferguson, a senior security advisor with anti-virus specialist Trend Micro, this type of attack isn't original, but the danger has so far received only minimal publicity.
Rick reckons the best known instance of this attack is avg-online-scanner.com. This site tricks victims into downloading a malware app called Winspywareprotect.
Naturally, the malware 'detects' the existence of fake 'threats' and tricks the victim into paying money online to 'remove' the threats.
As Ferguson explained, "Cybercrime is moving away from inflicting the maximum damage in the shortest time towards remaining undetected for the longest period and extracting the maximum cash."
He reckons the standard industry practice with anti-virus software is going to have to change. Ferguson estimates that viruses with 'unique' signatures are presently appearing at the rate of around 26,500 per hour.
"A typical PC would grind to a halt just trying to download and process all those signatures," Ferguson explained. For that reason, Trend has moved towards creating online databases of email addresses, web sites and file names.
So, instead of using signatures, Trend's software can detect suspicious activity and then check online if any of it relates to known malicious URLs or files. Information from all three databases can be correlated.
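The lookup-and-correlate approach Ferguson describes can be sketched as follows. This is an added example, not Trend Micro's code or part of the original article; the reputation sets, the e-mail address, the `correlate` function and the two-hit blocking threshold are assumptions, while the host and file names are the ones named in this article.

```python
from urllib.parse import urlsplit

# Constructed reputation data standing in for the three online databases.
BAD_HOSTS = {"avg-online-scanner.com", "0fficial-page-com"}  # named in the article
BAD_FILES = {"1temp.exe"}                                    # named in the article
BAD_SENDERS = {"billing@scareware.invalid"}                  # made-up placeholder

def host_candidates(url):
    """Return the URL's host plus its parent domains (down to two labels)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return []
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(max(1, len(labels) - 1))]

def correlate(event):
    """Check one observed event against all three databases.

    Returns (verdict, hits, candidates). Assumed policy: one hit is
    'suspicious', hits in two or more databases mean 'block'.
    """
    checks = []  # (database, normalised indicator, known bad?)
    if event.get("url"):
        hosts = host_candidates(event["url"])
        bad = next((h for h in hosts if h in BAD_HOSTS), None)
        checks.append(("web", bad or (hosts[0] if hosts else ""), bad is not None))
    if event.get("file"):
        # Compare the bare file name, ignoring directory and letter case.
        name = event["file"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        checks.append(("file", name, name in BAD_FILES))
    if event.get("sender"):
        addr = event["sender"].strip().lower()
        checks.append(("email", addr, addr in BAD_SENDERS))

    hits = {db: value for db, value, bad in checks if bad}
    # Correlation: unknown indicators seen next to a known-bad one are
    # queued as candidates for review in their own database.
    candidates = {db: v for db, v, bad in checks if not bad and v} if hits else {}
    verdict = "block" if len(hits) >= 2 else "suspicious" if hits else "unknown"
    return verdict, hits, candidates

if __name__ == "__main__":
    # Constructed sample events.
    for ev in (
        {"url": "http://www.avg-online-scanner.com/scan", "file": r"C:\Temp\1TEMP.EXE"},
        {"url": "http://0fficial-page-com/AVG1", "file": "setup_new.exe"},
        {"url": "http://example.org/", "sender": "friend@example.org"},
    ):
        print(correlate(ev))
```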
Significantly, the INQ had a great deal of trouble removing the malware, which appears to originate from a file called 1temp.exe. Luckily, anti-virus expert Prevx had detected this particular nasty back in March [2008].
The malware is clever because it allows the browser to go to ordinary web sites but blocks all attempts to download a cure from the well-known anti-virus experts such as AVG itself and Panda Software.
The INQ hasn't investigated thoroughly, but monies paid to the fake AVG site appear to go to Russia. µ
I have not noticed AVG, which I use, giving me any problems when it comes to slowdowns.
AVG has worked very well for me, I am sure there is a hit like anything else that is running in the background but on my Core2Quad no slowdown at all. Older machine with very low memory I can see having issues but that can be said for anything old.
As for the article, AVG must be somewhat popular for them to go after it, considering they could have gone after so many others.
AVG 8 is a pain if you leave it in standard mode of trying to check every hit in Google, or pre-check each site that you want to visit. It really slows IE down, much like those other crappy IE add-ons and plugins like Google/Yahoo/MS etc.
Prevx 2.0 is such a hog.

And you can never know what they do with the info that program uploads.