09-13-2009 02:39 PM
That is shocking news. I never would have guessed that there would be scareware on a reputable site like nytimes.com.
The scareware likely originated from a banner ad that slipped past whoever supplies the NY Times site with ads. Out of curiosity, could you please post what version of Adobe Flash Player you were using when you encountered the scareware? The last time I got scareware I was using the 10.0.22.87 version. Then a week or two later they came out with 10.0.32.18. As far as I know the newer version wasn't designed to put a stop to scareware but it would be interesting to know if it helps.
09-13-2009 03:50 PM
Is NIS 2010 better at stopping Scareware than NIS09?
Yes and no. What makes scareware such an unusual threat is that when it first strikes it is in no way trying to harm your computer, therefore NIS doesn't detect anything wrong. What hackers do with most types of scareware is embed them in banner ads and other parts of websites that use Adobe Flash, and when you navigate to the site the banner ad essentially plays a video designed to make you believe you have been infected (i.e. minimizes your browser and shows you what supposedly is your My Computer window being scanned and multiple viruses being found).
Once the scareware has run its course and effectively "scared you" then it will tell you to download an obviously fake AV program to remove the infections that are not even there. The fake AV program is the actual threat to your computer. A combination of having a fully patched browser and NIS running should be enough to keep you from being infected or even finish the download of the fake AV for that matter.
NIS 2010 is supposed to be better overall at protecting you from threats (SONAR 2, Program Insight, etc.) than NIS 2009. Assuming you do not physically tell it to finish the download and install the fake AV program you should not have any problems with scareware. Of course, whenever you encounter some it is always a good idea to physically pull the plug on your internet connection and run a full system scan with Norton and at least one other on-demand scanner.
09-13-2009 07:55 PM
Thanks for the info.
Thanks for the link.
After my prior post I returned to the NY Times and after 4 or 5 page views I got the pop-up again.
Again Ctrl+F4 and Alt+F4 were no joy so I pulled the cable once more, restarted in safe mode, turned off System Restore, emptied the cache, deleted temp files and scanned with both NIS and SAS; they both came up clean.
In the future I'm just going to pull the cable.
09-14-2009 03:41 AM
Thought I'd add my own first scareware experience to this great thread - although it is such a long time ago - about two years ago. I had Windows XP Home back then...and Norton AntiVirus 2003. Ancient, I know, and insufficient with regard to the threat landscape in 2007 ;-D
I remember surfing on mugglenet.com (Harry Potter fansite...) and clicking on a link which was supposed to provide information on the latest book rumours when this Errorsafe window popped up, claiming that my computer was infected with trojans, viruses etc. I knew that it was a nasty pop-up - but I didn't know that one shouldn't click on the "x" to close it. I clicked on the x - and my browser was dragged off to the Errorsafe website which sported a progress bar, giving one the impression that it was scanning one's computer; it also recommended purchasing Errorsafe software in aggressive font. I managed to close that window immediately and terminated my browser via Task Manager. I ran a full system scan and I also ran Lavasoft Ad-Aware, which I used to have back then, and both scans came up clean, fortunately. I got off very lucky, considering my Norton version was so outdated.
The next time I encountered that pop-up - it was on the same website - I physically disconnected from the internet and terminated the browser via Task Manager - I managed to avoid interacting with the pop-up that way, contrary to the first time. On contacting mugglenet.com to tell them that their website was infested with Errorsafe pop-ups, all I got was a cold response saying that mugglenet was not responsible for the actions of third-party-software/ads. I never visited that website again.
More on Errorsafe can be found on the Symantec website:
09-15-2009 02:08 PM