Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Antivirus Overwhelming Scanners

Posted by CmdrTaco on from the i'd-rather-be-phishing dept.

ChiefMonkeyGrinder writes "Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG's numbers for the first half of the year show that the organisation's members detected 485,000 samples, more than five times the total for the whole of 2008."

3 of 334 comments (clear)

  1. They're well-written by kimvette · · Score: 4, Insightful

    Those are some of the best-written software out there. No, really! The first time I encountered the more advanced ones, almost malware detection/removal software could detect them, and none of them could remove that malware. It was on a system for a friend where reformat/reinstall was not really an option (would have taken more time to do that) so I dug into it. It took 26 hours to completely remove the crap from the system - it had strewn source files through the Windows and System Restore directories, had several hidden processes which monitored process killing and file deletion and would modify, recompile, and reinstall multiple copies of itself again.

    A few weeks later Malwarebytes and Spybot S&D were updated and could easily remove any variant I've come across since then. The first time I hit it was a pain in the neck, then it was routine removal of it for a few weeks (a bit of time consuming but not nearly so much as the first time) and then it became a simple matter of renaming the malwarebytes and Spybot S&D installers, renaming the installed executable and running them. Ad-Aware couldn't detect them - and it's a shame. Ad-Aware is pretty much useless now. It seems that once they gained commercial viability they became complacent.

    The douchebags who write that software aren't stupid. Malware is getting to be extremely well-designed and it's a damned shame those authors aren't doing more productive work.

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
  2. Re:The worst offenders by Darinbob · · Score: 4, Insightful

    It's really sad when the company provides their own removal tool. It works, but it makes you wonder why they don't just fix the uninstaller...

  3. Re:Major pain by Real1tyCzech · · Score: 5, Insightful

    "Admin rights are required on all the computers for access to active directory and such."

    BZZT!

    Access to AD only requires the *user* have admin rights, not the Computer.

    Try this (has worked wonders for us):

    Create two accounts for each user. One for day-today use, one for AD admin tasks. (Add AD in front of their username or some such) Secure their day-to-day as a limited user account. Lock the admin account down. Don't even give them proxy access or network share access.

    Create a shortcut on their desktops (to dsa.msc, or whatever) and right-click it. Under properties/advanced, set it to run with alternate credentials.

    Now, when they log into their day-to-day accounts, they can still open the dsa shortcut and enter i their "admin" account credentials to manage the AD, but now neither the AD account or their mornal day-to-day account will be capable of installing "AV2009".

    Seriously, try it.

    Problem solved.