Seeing Double?

What’s that? Winifixer! Here are some comments from the web site:
“Statistics approve that virus and trojan attacks damage more than $3 million/hour and the new virus appears each hour. One of them, virus Sasser. A, infected million of computers at the first hours after let out and caused billions damages. It had been corrected within a lot of months.”
Scared yet? Or do you just find the wording and explanation a bit odd? Let me see, let’s work with those figures. In a day, that’s $72 million in damages. In a week, it’s half a billion dollars. By the end of the year, that adds up to almost $200 billion.
And it points out that almost EVERYONE’s system is infected! WOW! 91% is a big number!

If you haven’t read our previous posts, you might not be aware that there are a number of misleading applications being distributed on the web by malicious web site operators. Stuff that we’ve been calling “Rogueware”. Some AV vendors prefix the detections with “not-a-virus: Fraudware”, some will call the stuff a “Troj_Renos”, some call it a “Misleading Application” and some call it “Rogue Security Software”. Some AV vendors have been blogging dramatically about this software and how it was originally distributed, via fake codecs.
Here is the page that offers up the WinIFixerInstaller.exe download for only $99.95:

What? You’re not sure if you want to install that one? Well, you can always install something just like it…called the AdvancedXpFixer! It makes the same exaggerated claims as the site mentioned above, and offers up the AdvancedXPFixerInstaller.exe download. Are you seeing double? Maybe!

My favorite part is where they provide links on the “company” page to securityfocus articles about developing av engines and heuristics. That’s good stuff.

How might you wind up with these pages or software on your system? As always, patch your system! The software is partly being distributed using a few ugly old drive-by client side exploit tricks to run some downloaders on your system without you knowing it when you browse a malicious web site. Successful exploitation also results in a huge fake alert on your system’s desktop wallpaper, telling you about all the malware on your system. The malicious sites also download and execute multiple spam bots and other malware, making your system a major problem and source of spam. Double the fix, er.

Update: while double is interesting, triple is all the more exciting!

This entry was posted in Online Fraud. Bookmark the permalink.

One Response to Seeing Double?

  1. Wao says:

    First, thank you for your developers’ hard work. ThreatFire is much better than its origin – Cyberhawk.

    But, there is one problem I really concern about. It’s about threat list.
    When I set the “Schedule Scan” and it finished work, TF always told me there were some threats in my system but never told me what the threats were.

    The only way I can do is re-scanning, then I know what the threats exactly are.

    I wish your dear developers can fix this problem as soon as possible.

    Thank you sincerely !
    A ThreatFire Fan

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>