Hiya Members,
Came across this and wanted to warn members:
Security Operations is observing an aggressive FakeAV/RogueWare installation campaign utilizing banner ads on trusted websites. Some of the sites currently serving this malicious software include msnbc.com, youtube.com, and bing.com.
The Perimeter Security Operations Center has recently discovered that upon visiting these sites you may be presented with either a fake Adobe Reader 8 Install prompt or a Microsoft Security Essentials "Infection Found" pop-up window. Neither of these are legitimate.
This ad based drive-by download presents itself as ThinkPoint. The file may use a legitimate name such as hotfix.exe or mstsc.exe and is saved to a temp directory. It then picks out random files, claims they are infected and forces you to "clean" these false threats. ThinkPoint will state that you need a heuristic program to fix the problems and offers to sell one for $99.90. Do not purchase ThinkPoint; this program is fraudulent.
Antiviruses may detect this as FakeAV, FakeAlert, or a generic Trojan. A full list can be found here:
http://www.virustotal.com/file-scan/report.html?id=c049d274905ac80c9377e1cb0c291a5e67c33876ce256454db29dea953e44e4a-1287696527
Screenshots of the infection in progress:
There is a surprising lack of information about this trojan variant, considering how popular the sites are that are helping spread it. We have found one reputable antivirus vendor with insight:
http://www.f-secure.com/weblog/archives/00002053.html
For Perimeter's ITC customers we have added a Null Route to blacklist the IP address of the domain actually serving the malware. The advertising domain has also been submitted to Fortinet to be recategorized as Malware until this issue can be resolved by the primary domains using the advertisements.
For customer's using Fortigates, additional steps of preventing this kind of infection include subscribing to Web Content Filtering while blocking the Advertising and Unrated categories, and subscribing to network Antivirus with download of Executables blocked.
Lips
Vorsicht vor gefälschten Bannern auf vertrauenswürdigen Websites
- 3,017
- Aufrufe
- 6
- Antworten
Aktivitäten in den letzten 24 Stunden auf LCB
Die meistegelesenen Beiträge im Forum
Bet4slot Casino Hallo, hier sind einige Bonuscodes ohne Einzahlung für bet4slot casino Spin25 Askg50 Spicyfs50 Spin100 Spieler25 Polfs100 Listen25 Freak25 Maniacfs Slotscal25 Slotscal50 10slotscal...
Bet4slot Casino ohne Einzahlung
Hallo LCB-Besucher und willkommen bei Betty Wins ! Betty Wins ist das neueste Kryptowährungs-Online-Casino und hier erhalten Sie die neuesten Informationen sowie Unterstützung für alle Ihre Fragen zu...
Betty Wins Support- und Beschwerde-Thread
Sloto Stars Casino – Exklusiver Bonus ohne Einzahlung Neue Spieler – USA OK! Betrag: 40 $ So erhalten Sie den Bonus: Neue Spieler müssen sich über unseren LINK anmelden und den Bonuscode an der Kasse...
Sloto Stars Casino – Exklusiver Bonus ohne Einzahlung