Malware spoofs AVG web site

By

A dangerous new variant of malware is attacking PCs in the UK, hijacking the victim's browser and directing them to a fake site masquerading as AVG's own front page.

Malware spoofs AVG web site
The URL which the Inquirer has discovered is http://0fficial-page-com/AVG1. [Note that it uses a zero not a capital 'o'.] Don't be fooled.

According to Rick Ferguson, a senior security advisor with anti-virus specialist, Trend Micro, this type of attack isn't original but the danger has so far received only minimal publicity.

Rick reckons the best known incidence of this attack is avg-online-scanner.com. This software tricks victims into downloading a malware app called Winspywareprotect.

Naturally, the malware 'detects' the existence of fake 'threats' and tricks the victim into paying money online to 'remove' the threats.

As Ferguson explained, "Cybercrime is moving away from inflicting the maximum damage in the shortest time towards remaining undetected for the longest period and extracting the maximum cash."

He reckons the standard industry practice with anti-virus software is going to have to change. Ferguson estimates that viruses with 'unique' signatures are presently appearing at the rate of around 26,500 per hour.

"A typical PC would grind to a halt just trying to download and process all those signatures," Ferguson explained. For that reason, Trend has moved towards creating online databases of email addresses, web sites and file names.

So, instead of using signatures, Trend's software can detect suspicious activity and then check online if any of it relates to known malicious URLs or files. Information from all three databases can be correlated.

Significantly, the Inquirer had a great deal of trouble removing the malware which appears to originate from a file called 1temp.exe. Luckily, anti-virus expert Prevx had detected this particular nasty back in March [2008].

The malware is clever because it allows the browser to go to ordinary web sites but blocks all attempts to download a cure from the well-known anti-virus experts such as AVG itself and Panda Software.

The Inquirer hasn't investigated thoroughly, but monies paid to the fake AVG site appear to go to Russia.
Got a news tip for our journalists? Share it with us anonymously here.
theinquirer.net (c) 2010 Incisive Media
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?