Malware spoofs AVG web site

By

A dangerous new variant of malware is attacking PCs in the UK, hijacking the victim's browser and directing them to a fake site masquerading as AVG's own front page.

Malware spoofs AVG web site
The URL which the Inquirer has discovered is http://0fficial-page-com/AVG1. [Note that it uses a zero not a capital 'o'.] Don't be fooled.

According to Rick Ferguson, a senior security advisor with anti-virus specialist, Trend Micro, this type of attack isn't original but the danger has so far received only minimal publicity.

Rick reckons the best known incidence of this attack is avg-online-scanner.com. This software tricks victims into downloading a malware app called Winspywareprotect.

Naturally, the malware 'detects' the existence of fake 'threats' and tricks the victim into paying money online to 'remove' the threats.

As Ferguson explained, "Cybercrime is moving away from inflicting the maximum damage in the shortest time towards remaining undetected for the longest period and extracting the maximum cash."

He reckons the standard industry practice with anti-virus software is going to have to change. Ferguson estimates that viruses with 'unique' signatures are presently appearing at the rate of around 26,500 per hour.

"A typical PC would grind to a halt just trying to download and process all those signatures," Ferguson explained. For that reason, Trend has moved towards creating online databases of email addresses, web sites and file names.

So, instead of using signatures, Trend's software can detect suspicious activity and then check online if any of it relates to known malicious URLs or files. Information from all three databases can be correlated.

Significantly, the Inquirer had a great deal of trouble removing the malware which appears to originate from a file called 1temp.exe. Luckily, anti-virus expert Prevx had detected this particular nasty back in March [2008].

The malware is clever because it allows the browser to go to ordinary web sites but blocks all attempts to download a cure from the well-known anti-virus experts such as AVG itself and Panda Software.

The Inquirer hasn't investigated thoroughly, but monies paid to the fake AVG site appear to go to Russia.
Got a news tip for our journalists? Share it with us anonymously here.
theinquirer.net (c) 2010 Incisive Media
Tags:
avgmalwaresecuritysitespoofsweb

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?