Slashdot Mirror


Rogue Anti-Malware Pushes Fake PCMag Review

Varzil found an interesting story about some "Rogue Anti-Malware" (which seems to me should just be called 'Malware') which modifies your HOSTS file to trick you into reading a fake anti-virus review which is of course for more malware. Modifying HOSTS is an old trick, but this is interesting because it's actually trying to get you to read fake content: normally this sort of trick is used to prevent you from fixing your computer, but this one is trying to get you to break it even more. I guess friends don't let friends modify their HOSTS files.
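As an added example (not code from the story or from any commenter), here is a small Python checker for the HOSTS trick the summary describes: it parses a hosts file and flags watched domains that are pinned to an address other than loopback or the unspecified address, which is how a redirect to fake content shows up. The watch-list and the sample hosts content are constructed.

```python
"""Flag HOSTS entries that redirect well-known domains away from the local machine.
Added example; the watch-list and SAMPLE_HOSTS below are constructed."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed watch-list: domains a user expects to resolve via public DNS.
WATCHED_SUFFIXES = ("pcmag.com", "microsoft.com", "safer-networking.org")


def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (ip, hostname, line_no) tuples; skips comments, blanks and bad IPs."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop inline comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid address, ignore
        for name in fields[1:]:                  # one IP may map several names
            entries.append((fields[0], name.lower().rstrip("."), no))
    return entries


def is_local(ip: str) -> bool:
    """Loopback (127.x, ::1) and unspecified (0.0.0.0) are the normal benign targets."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(text: str) -> List[Dict]:
    """Watched domain pinned to a non-local address => likely redirect to fake content."""
    findings = []
    for ip, name, no in parse_hosts(text):
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        if watched and not is_local(ip):
            findings.append({"line": no, "host": name, "ip": ip})
    return findings


SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net                 # blocking entry, benign
198.51.100.7 www.pcmag.com pcmag.com    # pinned to an outside server (constructed)
198.51.100.7 www.safer-networking.org
"""

if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']}")
```

On a real system point it at C:\Windows\System32\drivers\etc\hosts or /etc/hosts; an unexpected public address beside a security vendor or review-site name is the signal to investigate.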

7 of 90 comments

  1. Social Engineering by mc1138 · Score: 2, Insightful

    Spoofing of content is nothing new. Even using the hosts file like this to redirect you to fake content, while an innovative use of the hosts file, is just a new trick for an old gag. The only real way to clamp down on something like this is through better education of the user base. So long as people still buy into these sorts of attacks, hackers and other people of ill repute will still commit them.

  2. Re:hijacking AV sites too by mc1138 · Score: 2, Insightful

    I like that products such as spybot search and destroy, and malware bytes are ten times more effective at taking care of that than any antivirus product out there...

  3. Re:hijacking AV sites too by fpophoto · Score: 2, Insightful

    I like that products such as spybot search and destroy, and malware bytes are ten times more effective at taking care of that than any antivirus product out there...

    That's because the nature of PC security has changed. Old school: Viruses to destroy computers. New school: Co-opt systems in order to sell a product or pimp out for botnet needs.

    It's kind of refreshing if you ask me. Not to say current malware is a giant headache, but at least the days of you getting your HD wiped are pretty much behind us. There's just no money in it.

  4. Re:hijacking AV sites too by Spazztastic · Score: 3, Insightful

    To follow up on parent, if you work in an IT department where you can image computers, it's far more effective to just back up their files and reimage the computer. I've spent hours cleaning them only to (as a last resort) reimage the computer.

    --
    Posts not to be taken literally. Almost everything is sarcasm.

  5. Re:Why aren't these people in jail? by Spazztastic · Score: 2, Insightful

    I'm pretty sure most other countries now have laws against malicious hacking, and also jails. Or are YOU implying that the U.S. is the only country technologically advanced enough to bust people for such activities?

    I think you're making a flamebait post.

    Parent said that it's hard to extradite people and not all of them will pursue it because they have more pressing matters at hand such as food shortages, natural disasters, and civil war.

    --
    Posts not to be taken literally. Almost everything is sarcasm.

  6. Checking out the IP address and domain by Animats · Score: 4, Insightful

    Let's see what we can find out.

    We have an IP address for the server hosting the phony pages: "[217.20.175.74]". This is in DNS as "sweeper.globmail.org".

    eNom, a favored registrar of bottom-feeders, is the registrar.

    There's an address in Kiev, but it's bogus.

    WhiteDomainsOrg
    Reiterska 13
    Kiev Kiev
    01001
    UA
    Phone:+380.5490567

    That's a bar in Kiev, Dveri (Door). It's about two blocks from the old US Consulate.

    The upstream provider is "ge0.colo0.kv.wnet.ua". So this is a colocated machine at WNet in Ukraine.

    The US FBI has a local office in Kiev.

    This is something that could be cracked by motivated law enforcement.

    1. Re:Checking out the IP address and domain by myowntrueself · Score: 2, Insightful

      This is something that could be cracked by motivated law enforcement.

      "motivated law enforcement"?

      Is that one of them thar "oxymaroons"?

      --
      In the free world the media isn't government run; the government is media run.