There is a new rogue among us. It appears that Alpha Antivirus has replaced Personal Antivirus as one of the latest rogue security programs. This particular rogue installs through online “scans” (popups). The reason I say “scans” is that they’re essentially animations of a scan (everyone who visits the site will see the same thing, even if you visit from a non-Windows OS, which is somewhat amusing…). But those details could certainly be changed. Who knows, someday they may randomize their animations of scans and alter them to match other operating systems if they start to get fancy. Anyway, like many of the rogues that we’ve been covering, their goal is to scare you into downloading and then paying for Alpha Antivirus by providing scan results that appear to indicate a security problem with your computer that only they can fix if you pay. In addition to this “fun”, Alpha Antivirus also drops a password-stealing trojan. Those online banking passwords are more valuable than the fee for this software, I suspect. Read on to see how to remove Alpha Antivirus.
Tag: trojan
-
Clampi Virus | Clampi Trojan
The Clampi virus is in the news in a couple of places today. Surprisingly, it has been in Symantec’s virus database since January and is rated as a low risk. However, the sole purpose of this trojan is to monitor your Windows-based computer for connections to more than 4500 different financial-related sites and log any usernames and passwords used to connect. When it finds your login information, that’s then sent along to a server that the trojan or virus writer controls, and then they can transfer money out of your account or accounts.
-
Trojan horse proxy.ahiy and AVG
A lot of people seem to be reporting today that AVG is finding files to be infected with trojan horse proxy.ahiy or trojan horse proxy ahiy. From what I’ve seen, although that may be a valid virus designation from AVG, they are also reporting many legitimate files as this trojan proxy ahiy. AVG is acknowledging that they are getting false positives from the current virus database and are saying that the issue should be resolved in the next update of their virus database.
Further, they offer the following advice if legitimate files have been quarantined due to this:
-
Major botnet building and the massive jump in spam
For a few months now (since the demise of Blue Frog, actually) I’ve noticed that the level of junk mail has gone up on my own mail server. Yes, I use SpamAssassin to filter and tag, but the volume of stuff that’s tagged has gone up (as well as the volume that slips through). I’ve had to flush out the Bayes filter more than I would like after some massive Bayes poisoning attempts (those messages with lots of random words or text). I’ve also been following news on the topic and thought I’d detail some of it here for those that haven’t been paying attention.
-
Would you like spyware with that? Apple too….
These stories come up from time to time. A free giveaway of some sort and it turns out that there’s spyware or a virus embedded, company gives a big “whoops” and fixes things by replacing them…. McDonald’s had a promotion going where up to 10,000 people could win a flash-based MP3 player; they also received a trojan horse preinstalled…. They’ve apologized and are swapping the infected players and giving information on how to clean up a PC with the keylogger. According to F-Secure, it was infected with the QQPass password-stealing trojan. Just imagine how things would have turned out if the Greeks had looked that gift horse from the trojans in the mouth first…..
-
Beware visiting Samsung’s site
Betanews is reporting that Samsung’s site has been hacked and is currently serving up malware in some areas. User intervention is required for it to run on the user’s PC, but be cautious. Samsung has been notified, but as of Friday morning (according to the report) the trojan horse is still there. I really wonder if it hasn’t occurred to them to pull the whole thing offline to clean things up?
-
Powerpoint vulnerability (August 2006)
I’m having to make sure I put the date in the title of these posts now…. Over the weekend there were rumors of a new PowerPoint vulnerability. SANS had an early notice of some trojan droppers using PowerPoint files. And by the 20th (Sunday) it was being called a 0-day. There is a good FAQ over at securiteam.com.
-
Firefox 1.5.0.5 out and be cautious with extensions…
Well, let’s start with the extensions first. Like ANY software, you should be cautious installing something from an untrusted source. If you think an extension looks neat and cool – look for reviews and third party information before installing it. That much said…. never install an extension that comes attached to an unexpected email…. Apparently, just that has been happening: a password-stealing trojan has been showing up as an email attachment that appears to be a Firefox extension. OK – quick review – what’s the weakest link in computer security (grab mirror and look….) Now… Mozilla has also released some security updates for Firefox….
-
New malware sightings
Incidents.org had an entry in the last couple of days on a malware infestation that was interesting and showed a couple of things. 1) You can’t bet on antivirus to keep you safe (the initial installer was not detected by most AV vendors – suspicious by 1). (If you think about it, this makes perfect sense – antivirus is reactive and needs to have seen a bug once to recognize it again.) 2) Malware, once in the system, can bring all its friends.