Thursday, November 13, 2008

Antivirus 2009 email going around

I thought it was an email hoax at first...you know, like the one about the 190 pound cougar that someone supposedly shot in Iowa...but I guess it's real.

Here's the email I received:

Another one, actually a malware, is called Anti-Virus 2009. It is a seriously obnoxious problem. You will go to a website that looks innocuous, and suddenly this fake anti-virus program takes over your screen and you can't get rid of it. It tells you you have been attacked (which is true) and wants $39.95 or some such amount to get rid of it. This fake program looks exactly like Microsoft's anti-virus program and is a royal pain in the ass. Internet Explorer is made inoperable when it strikes. It was apparently created by some Russian creeps who now distribute it like some kind of franchise. It tried to mess with my Mac, too, but either couldn't get a grip or the program I have for malware, spyware, and other obnoxious stuff stopped it.

The only way I could get rid of it on my wife's PC was to download mbam-setup.exe from Malwarebytes.com onto my Mac, make a CD of it, install on her machine, and turn it loose. I have the program, and if you want it I'll send it along.

It sure reads like one of those hoax emails that goes around. Microsoft doesn't have an antivirus program, for one thing. Also, why is anyone still using Internet Explorer? Haven't we learned our security lessons about Microsoft software yet?

I always wonder how much Microsoft gets paid by the antivirus software companies to stay out of the market. I mean, the fact that Windows is insecure is their fault. And, they are certainly happy to take over the business model of any other company that writes software.

Anyhow, a little digging revealed that it's a malware program that you get by going to a bad or compromised website.

Another method of distributing Antivirus 2009 involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Antivirus 2009 on your system. Antivirus 2009 installs on your computer through a trojan and may infect your system without your knowledge or consent.

So yeah. Hope the guys who wrote this get their karmic comeuppance.

The other thing that was a surprise to me in that email was the fact that Malwarebytes is a real program, and that a lot of people recommend it. I hadn't heard of it yet, which is strange 'cause I get asked to help people with this sort of problem a lot and so I pretty much keep up with developments in the field. Not lately, I guess.

Just for fun, here are a couple of links that talk about removing this spyware.

Enigmasoftware Antivirus 2009 Removal Instructions

Removal instructions at BleepingComputer

Note that I am not recommending Enigmasoftware or Bleepingcomputer or their instructions as I have not had this problem and so don't have any personal experience getting rid of it (yet).

So, use Firefox and keep your shields up when you stray off the beaten path! (how's that for mixed metaphors?)
