Gas Guzzler
join:2005-09-17
Los Angeles, CA
1 edit | New Variant Of Intrusive Online Scanner It calls itself xponlinescanner.com and I was hit twice today while visiting the NY Post newspaper wesbsite.
Its some kind of malware that tricks you to install some fake antispyware program. It appears on legitimate websites.
We saw these kind of browser highjackers last year too.
One of the old security threads that discussed the problem is this one:
»YouTube - Major League Baseball Strikes out
To test how this behaves on your system go here:
xponlinescanner.com/2008/1/freescan.php?aid=77011816
(edited) | |
|
 
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
1 edit | Re: New Variant Of Intrusive Online Scanner What are you recommending we test????
Or does that link show how to remove?? | |
|
 | 
tomazyk
join:2006-12-04 | Re: New Variant Of Intrusive Online Scanner No DO NOT test that link. It is link to XPAntivirus - rogue antivirus. They offer you a free scan of your system - which of course tells you that your computer is not safe and then they offer you installation of their antivirus. DO NOT INSTALL IT. | |
|
| |
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
| Re: New Variant Of Intrusive Online Scanner Not to worry Toma, My intention was too highlight poorly worded advice or suggestion in a security thread. Asking people to test this is bordering on ............
I was hoping a MOD would notice but I guess this week I am clearly meant to be disappointed (my Habs lost last night and are out of the playoffs :-( )
THanks for the link ahulett.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment | |
|
| | |
tomazyk
join:2006-12-04 | Re: New Variant Of Intrusive Online Scanner Yes I thought that was your intention with both questions. With my post I only wanted to warn less experienced users from doing foolish thing.  | |
|
Millenniumle
join:2007-11-11
Fredonia, NY
| ... The link opens two successive script windows telling us their product is needed and safe. Then a page opens indicating a scan was performed, finding three nasties. Then a succession of more script windows open prompting to download and run their product. The download is a 65K file full of what is no doubt a bundle of joy.
The exploit here is the user. | |
|
ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA
| Re: New Variant Of Intrusive Online Scanner More information on this rogue security product:
Microsoft Malware Protection Center
Program:Win32/XPAntiVirus
»www.microsoft.com/security/porta···ntiVirus
--
Aaron Hulett | Senior Spyware Researcher | Microsoft Malware Protection Center
This posting is provided "AS IS" without warranty, and confers no rights. | |
|
Reimer
join:2006-08-14
Toronto, ON
1 edit | Hmm, Firefox blocks it from even loading at all. | |
|
| 
Jesse2
join:2006-07-22
canada | Re: New Variant Of Intrusive Online Scanner Erm...do i have the virus? I tested out your link and NOD32 did not stop it. I exited it right away and it changed the look of my browser.
AM I SAFE?! | |
|
| |
tomazyk
join:2006-12-04 | Re: New Variant Of Intrusive Online Scanner If you didn't run the installer then you should be safe. Check in Add/Remove programs if you have XPAntivirus listed. If so follow the link in ahulett's post for instructions on removing nastie. | |
|
|
|
|
