News New York Times suffers ad-based malware

Discussion in 'Article Discussion' started by Guest-16, 14 Sep 2009.

  1. Guest-16

    Guest-16 Guest

  2. Cousteau

    Cousteau What's a Dremel?

    Joined:
    28 Jul 2009
    Posts:
    5
    Likes Received:
    0
    this sounds to me a lot like the "Personal AntiVirus 2009/2010" fake antivirus virus that's doing the rounds at the moment

    i work in a computer shop, and the amount of laptops and PCs that come in every week with this infection on is overwhelming sometimes. some people just don't have decent (or any) antivirus programs on their PC, mainly because a lot of people don't realise they need it on their pc to help prevent infections. Also, some of those people who buy their PCs from places like PC World/Currys, etc, do get antivirus programs pre-installed (usually the obtrusive McAfee), but these are only ever usually Trial versions, and because people don't bother to buy a new license or even uninstall it and put something else on (Norton, AVG, Kaspersky, Nod32, etc etc) then said trial version is usually left running in windows and not protecting the customer (yet the customer thinks they are protected because the program is still running in memory)

    same goes for those people not updating their web browsers - i've seen MANY customers out there still using Internet Explorer 6, or even an old version of Firefox 2, and neither of these have any protection against popups or malware code on websites... everyone MUST regularly keep their browsers AND antivirus updated....

    mind you, i'm ranting here, but more than likely those people who don't know what they're doing probably haven't even read this website anyway, so kind of a wasted rant... lol :)
     
  3. Star*Dagger

    Star*Dagger What's a Dremel?

    Joined:
    30 Nov 2007
    Posts:
    882
    Likes Received:
    11
    I would wonder about people on the internet without virus software already installed, duh?!
     
  4. leexgx

    leexgx CPC hang out zone (i Fix pcs i do )

    Joined:
    28 Jun 2006
    Posts:
    1,356
    Likes Received:
    8
    it's bad really as McAfee and Norton do not detect PAV or most fraudware stuff like it, and it's very simple to detect as well (using same folder name and program exe name, pav.exe for e.g.), and i load Norton 2009 (2010 is out now, see how that one stands up to it)
     
  5. thEcat

    thEcat What's a Dremel?

    Joined:
    1 Dec 2006
    Posts:
    98
    Likes Received:
    0
    Gratuitous Windows joke: 'New Improved Version 7'

    On a more serious note we've had two incidents in the office over the past month, three if you count my deliberate clicking on the popup OK button so I could take a closer look. In all cases a trojan has been dropped irrespective of virus checker settings, in one case the firewall was disabled and in all three cases all Windows restore points have been deleted.

    What happens after this depends on the software downloaded by the trojan, some software will be detected some will not.

    As for the trojan itself, local virus scanning appears pointless, online scanning is a bit hit or miss. While I had luck finding it with RootRepeal ( http://rootrepeal.googlepages.com/ ) removing it was a different matter. The likes of Simply Super Software's Trojan Remover ( http://www.simplysup.co.uk/tremover/index.html ) would detect the trojan but removal was only possible once the hard drive had been installed as a data drive in another PC.

    It is my understanding that new versions of these trojans are produced on a frequent basis. A report by Panda Security suggests a new version could be released every 24 hours ( http://www.pandasecurity.com/uk/homeusers/media/press-releases/viewnews?noticia=9805 ). In this case it is no longer a question of 'what virus checker do you use' but rather a matter of whether or not you were lucky enough to receive a relevant virus checker update in time.
     
  6. pendragon

    pendragon I pickle they

    Joined:
    14 May 2004
    Posts:
    717
    Likes Received:
    0
    I'd like to take this opportunity to pimp Ultimate Boot CD for Windows as a really good way to clean out malware infections.. used it to great success on my girlfriend's infected PC when all else failed
     
  7. Cousteau

    Cousteau What's a Dremel?

    Joined:
    28 Jul 2009
    Posts:
    5
    Likes Received:
    0
    personally, i've found both SuperAntiSpyware and Malwarebytes Anti-Malware programs both pick up and remove COMPLETELY the Personal Antivirus and such viruses (and rootkits and other crap) - and for FREE on both - whereas programs like AVG, Norton etc, for some reason don't pick up on them

    recommended you have either one of the two programs i've mentioned above :)
     
  8. LordPyrinc

    LordPyrinc Legomaniac

    Joined:
    7 Mar 2008
    Posts:
    599
    Likes Received:
    6
    Educating the masses so that they don't stupidly click these pop-ups would be nice. I'm really getting tired of people calling me because their computers are running so darn slow that they can barely run basic functions. If people would just run a decent anti-virus (and keep it up to date) and not click the pop-ups, my life would be a bit easier.

    Sometimes I want to just outright tell them, only download pron from sites that you trust.. :D

    While not a foolproof strategy, with good AV and up to date OS and browser, you can usually get by unscathed.
     
  9. LucusLoC

    LucusLoC What's a Dremel?

    Joined:
    28 Nov 2006
    Posts:
    91
    Likes Received:
    3
    i prefer to use a HIPS program. it protects system and program memory and can usually prevent a malicious program from getting installed in the first place. i would recommend blink from Eeye.com. it has HIPS, traditional AV and AS and a firewall all built in. does a pretty good job in my opinion, and HIPS is the way of the future for AV anyway. no more pesky def updates or unreliable heuristics :)

    i also use a sandbox for browsing untrusted sites. sandboxie.com has a good one. get all the infections you want, just one click and they all go away.
     