TheWickerMan
join:2002-04-09
Enola, PA
| reply to Siko
Re: Beware these "fake" antispyware programs
said by Siko  :If your reading this forum. then why would you need to google antispyware programs? I have nowhere near the expertise as those who help out in the Security Cleanup forum, but I know enough to keep my own system clean, and to help out if someone else FUBARs their system. I normally stick with the trusted aps that the experts talk about here, but there have been a few cases where I had to deal with a particularly nasty piece of malware, and figured I'd try to google a removal tool for it. And there was at least one time where that turned out to be a mistake. I was trying to talk this one person through it, because she was hundreds of miles away and I couldn't actually be there. I found what I thought was a legitimate removal tool, and told her to download and install it. Luckily, it asked before it installed it, and when she read the message to me, I recognized it as a rogue application. |
|
onebadmofo
Repost These Nuts In Your Mouth.
Premium
join:2002-03-30
Reading, PA
 ·Comcast
1 edit | reply to DownTheShore
said by DownTheShore :I heard the the new version doesn't work with Vista...  That's true, it doesn't. And do you know why?
Because Common Sense wasn't used when building the Vista OS.
 |
|
onebadmofo
Repost These Nuts In Your Mouth.
Premium
join:2002-03-30
Reading, PA
·Comcast
| reply to MagMan
Well obviously. Each version is unique to the users MAC address.  |
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| reply to MagMan
I heard the the new version doesn't work with Vista...
--
Life is simply one damned thing after another. |
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
 ·AT&T Midwest
·AT&T Midwest
1 edit | reply to onebadmofo
said by onebadmofo :said by MagMan :I use common sense which seems to be forgotten by a lot of user's. Which version are you using? Not the one you are.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is." |
|
onebadmofo
Repost These Nuts In Your Mouth.
Premium
join:2002-03-30
Reading, PA
·Comcast
| reply to MagMan
said by MagMan :I use common sense which seems to be forgotten by a lot of user's. Which version are you using? |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| reply to Siko
said by Siko :If your reading this forum. then why would you need to google antispyware programs? just to reiterate what CJ said and where OP misunderstood the scu faq and googled for a rogue antispyware
»Re: My experience in attempting to remove vundo
Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006-2007 |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| reply to Siko
said by Siko :If your reading this forum. then why would you need to google antispyware programs? Good question. Perhaps you need to think in terms of the people we have reading here
(it's not just us, guys )
We get many visitors here who come in off of Google looking for security solutions. We also have many lurkers. And the DSLR site itself has members who come here for other reasons (speed tests, etc.) that can be quite unaware of such tactics as the one being used in the article Ben posted.
Another point to this topic is that those of us who DO participate frequently in these security topics are already in the know. And we often end up helping others just as we saw in these two older topics (also involving the copycat Spywarebot).
»something funny yet sad.
So, they also see the Google ads on this very site too!
»Rogue AntiSpyware Ads on DSLReports
and thirdly, these guys from C-netmedia have been operating in this manner for over a year and nobody has yet to come up with a very comprensive list so it's nice that Ben put it all together for us. It's our job also to watch out for others and make sure no one gets scammed by these types of schemes. This isn't the only one nor the first nor the last we will see. I think it's a good reminder that when you do recommend a remover or product to someone to use a link to an official download.
So you see, I'm almost always thinking of the folks who come here to learn about security and find these topics and hopefully, gain some insight from them
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2008
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
·Bell Sympatico
·Cogeco Cable
1 edit | reply to DownTheShore
said by DownTheShore :Just to point out that I didn't say that Site Advisor was the only thing I relied on - I do use my brain, too. One of the rules my brain applies is that all porn sites will most likely do something nasty to my computer, so I simply stay away from them.  I'm sure that none of these filters are perfect, especially since they just evolve by usage and reports. But they act as a good reminder to pay attention and not to automatically click on a site just because Google brings it up. Well said, i totally agree with you. Being a long time member here has showed me some of the In's and outs of what to look for when it comes to bad-ware and the only reason i posted that i use (Trendprotect) was to help those who are new who use google or what ever search engine to look for help, that there are programs out there that are safe to use that will help you to avoid clicking on those links that take you to these fake antispyware programs, well that and using your head of course.
--
Advertising is legalized lying. - H.G. Wells
Pleasure in the job puts perfection in the work. - Aristotle |
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| reply to Name Game
Just to point out that I didn't say that Site Advisor was the only thing I relied on - I do use my brain, too. One of the rules my brain applies is that all porn sites will most likely do something nasty to my computer, so I simply stay away from them.
I'm sure that none of these filters are perfect, especially since they just evolve by usage and reports. But they act as a good reminder to pay attention and not to automatically click on a site just because Google brings it up.
--
Life is simply one damned thing after another. |
|
redwolfe_98
join:2001-06-11
·RoadRunner Cable
| reply to CalamityJane
here is another related article:
"Benedelman exposes CNetmedia shady practices"
»msmvps.com/blogs/hostsnews/archi···465.aspx |
|
Wake2
join:2005-04-30
·AT&T Yahoo
| reply to CalamityJane
Thanks Calamity Jane for a interesting read,
and thanks to NameGame to for the other links,
is interesting to isn't it the differing results
you get when you use programs like TrendProtect,
Site Advisor, and LinkScanner.
Regards,
Wake |
|
therube
join:2004-11-11
Randallstown, MD | reply to CalamityJane
This site too, The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites. |
|
Siko
Premium
join:2006-11-27
Mechanicsburg, PA
clubs: | reply to CalamityJane
If your reading this forum. then why would you need to google antispyware programs? |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to DownTheShore
said by DownTheShore :I use McAfee's free Site Advisor as my first level filter of any Google results. I find it to be pretty good for giving a head's up regarding dodgy sites. Site reputation and the Russian Business Network
The RBN allegedly owns and/or operates ASNs in the netblock 81.95.144.0/20. SpamHaus has a detailed report on the RBN, and they recommend blocking this entire netblock in their drop list. Krebs also provided a mapping of the RBN network with some address data that corroborates SpamHaus. Here’s a Domain Tools whois report on one of the ASNs inside of it.
Let’s look at a the distribution of categorized URLs and domains in the 8e6 Database from servers hosted in that netblock:
Malcode — 84.08%
BotNets — 5.22%
Porn — 4.62%
ChildPorn — 4.01%
Spyware — 1.34%
Phishing — 0.73%
I didn’t omit anything — that’s the whole list. Yikes! There is literally nothing on the network that has any redeeming value. I’m willing to bet that any IT Admin could legitimately make the case to the business folks that access to this whole netblock should be blocked. (We put all 4096 IPs from the block in our Bad Reputation Domains category.)
Now let’s see what McAfee’s SiteAdvisor has to say about the RBN.
I pulled an active porn site from our list of sites on the RBN. SiteAdvisor gives you the green light, and even gives the thumbs up on an executable hosted on that site. I don’t know about you, but I don’t care if that exe doesn’t hit one of McAfee’s signatures … it’s hosted by the bad guys! I don’t want any of my users to be able to download it.
To illustrate a more insidious problem, I looked up a dead IP in the netblock. As expected, SiteAdvisor shows a grey question mark icon and reports that it has not reviewed this site. While that’s certainly true, it’s not particularly helpful. Personally, I would be inclined not to trust whatever showed up on that IP in the future, because, once again, it’s owned by the bad guys.
I don’t mean to pick on SiteAdvisor; I like the concept behind that service. But my point here is that assessing site reputation is much more than relying on locating infected files and mapping links. It requires a cross-discipline approach, optimally involving data from more than one security vendor or research organization. Look for that from your vendors. Ask them who they’re partnered with and don’t accept the argument that one security vendor’s core competencies are enough to secure your entire infrastructure.
»8e6labs.com/2007/10/17/site-repu···network/
Note:
Russian Business Network: Down, But Not Out
»blog.washingtonpost.com/security···own.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
PolarBear
The bear formerly known as aaron8301
Premium
join:2005-01-03
·CableOne
| reply to CalamityJane
The irony of the OP is that if you are reading this site you should already know to check with this site first for recommendations on software such as this before you use anything.
But regarding the OP, as I always say, "they wouldn't tell you that unless someone had done it."
--
There comes a point in your life when you get tired of fixing everything and wiping everyone's ass. But it’s not giving up. It’s realizing that you don’t need certain people and the bullshit and drama they bring to your life. |
|
mrchris
We don't miss you Bush
Premium
join:2002-10-01
North Babylon, NY | reply to MagMan
As do I. I only use those official listed on the daily Security forum sticky and keep away from stuff like that.
Death to RBN. |
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH | reply to CalamityJane
I use common sense which seems to be forgotten by a lot of user's. |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| reply to CalamityJane
Filters are good You 3 are obviously "above average" on the security scene.
Unfortunately, for the average user most are not aware of them nor using them and sometimes the site scanners are slow to pick up on these deceptive type programs trying to copycat legitimate programs. I worry most about the increasing numbers of rogues and copycat programs that are misdirecting unsuspecting users to a site that is only there to provide a free "scan" that will of course turn up a number of suspects (some fake and false alerts too), but the user must pay to remove the malware. These guys are really getting unsuspecting folks who are told download Ad-Aware, Spybot, Defender, any recognized program and left to "google" for the link. We're seeing increasing numbers of people who have bought a program thinking it was the recommended one, only to find that a) they have to pay for it (the true free legitimate programs do not make you pay to remove the malware found) and b) it doesn't work, or worse, only finds false detections which could make matters worse.
That particular case Ben outlined is one company trying to cash in on folks getting misdirected via google ads.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2008
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
delenn13
De gustibus nil disputandum
Premium,MVM
join:2006-03-02
Ridgeway, ON
clubs: | reply to CalamityJane
Thanks for the good read and warnings. I use Link Scanner . |
|
