Not what you were looking for? Ask our experts!
Reply
Spam Squasher
pexley
Posts: 451
Registered: ‎05-15-2009

Re: What To Do When Scareware Strikes

Hi pete_t,

 

That is shocking news. I never would have guessed that there would be scareware on a reputable site like nytimes.com

 

The scareware likely originated from a banner ad that slipped past whoever supplies the ny times site with ads. Out of curiosity, could you please post what version of adobe flash player you were using when you encountered the scareware? The last time I got scareware I was using the 10.0.22.87 version. Then a week or two later they came out with 10.0.32.18. As far as I know the newer version wasn't designed to put a stop to scareware but it would be interesting to know if it helps.

 

 

Pexley

car825
Posts: 375
Topics: 75
Kudos: 9
Solutions: 3
Registered: ‎03-28-2009

Re: What To Do When Scareware Strikes

Is NIS 2010 better at stopping Scareware than NIS09?

Spam Squasher
pexley
Posts: 451
Registered: ‎05-15-2009

Re: What To Do When Scareware Strikes


car825 wrote:

Is NIS 2010 better at stopping Scareware than NIS09?


 

Yes and no. What makes scareware such an usual threat is that when it first strikes it is in no way trying to harm your computer, therefore NIS doesn't detect anything wrong. What hackers do with most types of scareware is embed them in banner ads and other parts of websites that use adobe flash, and when you navigate to the site the banner ad essentially plays a video designed to make you believe you have been infected (i.e. minimizes your browser and shows you what supposedly is your my computer window being scanned and multiple virusses being found).

 

Once the scareware has run its course and effectively "scared you" then it will tell you to download an obviously fake AV program to remove the infections that are not even there. The fake AV program is the actual threat to your computer. A combination of having a fully patched browser and NIS running should be enough to keep you from being infected or even finish the download of the fake AV for that matter.

 

NIS 2010 is supposed to be better overall at protecting you from threats (sonar 2, program insight, etc) than NIS 2009. Assuming you do not physically tell it to finish the download and install the fake AV program you should not have any problems with scareware. Of course, whenever you encounter some it is always a good idea to physically pull the plug on your internet connection and run a full system scan with norton and at least one other on demand scanner.

 

Pexley

SendOfJive
Posts: 10,579
Kudos: 4,683
Solutions: 759
Registered: ‎02-07-2009

Re: What To Do When Scareware Strikes

Hi pete_t,

 

Heres's some news about the scareware you encountered at the NY Times:

 

Rogue ad hits New York Times site

Contributor
pete_t
Posts: 11
Registered: ‎04-29-2009

Re: What To Do When Scareware Strikes

pexley

Thanks for the info.

 

SendOf Jive

Thanks for the link.

 

After my prior post I returned to the NY Times and after 4 or 5 pages views I got the pop up again.

 

scare pop up.jpg

Again CtrlF4 and Alt F4 were no joy so pulled the cable once more, restarted in safe mode, turned off system restore, emptied cache, deleted temp files and scanned with both NIS and SAS, they both came up clean.

 

In the future I'm just going to pull the cable.

 

Thanks again.

Yaso_Kuuhl
Posts: 5,781
Kudos: 1,436
Solutions: 528
Registered: ‎02-19-2009

Re: What To Do When Scareware Strikes

Thought I'd add my own first scareware experience to this great thread - although it is such a long time ago - about two years ago. I had Windows XP Home back then...and Norton AntiVirus 2003. Ancient, I know, and insufficient with regard to the threat landscape in 2007 ;-D

I remember surfing on mugglenet.com (Harry Potter fansite...) and clicking on a link which was supposed to provide information on the latest book rumours when this Errorsafe window popped up, claiming that my computer was infected with trojans, viruses etc. I knew that it was a nasty pop-up - but I didn't know that one shouldn't click on the "x"  to close it. I clicked on the x - and my browser was dragged off to the Errorsafe website which sported a progress bar, giving one the impression that it was scanning one's computer; it also recommended purchasing Errorsafe software in aggressive font. I managed to close that window immediately and terminated my browser via Task Manager. I ran a full system scan and I also ran Lavasoft Ad-Aware, which I used to have back then, and both scans came up clean, fortunately. I got off very lucky, considering my Norton version was so outdated.

The next time I encountered that pop-up - it was on the same website - I physically disconnected from the internet and terminated the browser via Task Manager - I managed to avoid interacting with the pop-up that way, contrary to the first time. On contacting mugglenet.com to tell them that their website was infested with Errorsafe pop-ups, all I got was a cold response saying that mugglenet was not responsible for the actions of third-party-software/ads. I never visited that website again. 

More on Errorsafe can be found on the Symantec website:

http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99

 

Super Phishing Phryer
Turbo
Posts: 657
Registered: ‎05-02-2009

Re: What To Do When Scareware Strikes

Thought I would post a link to more info about the recent NY Times website malware problems. Things are heating up, people are not happy. After the article scroll down and read some of the comments, a lot of them come from people running Norton security products.       NY Times