Windows Antivirus 2008
Windows XP Antivirus 2008 is not an antivirus program; rather, it is malware which pretends to be an antivirus program. It may also pretend to be antispyware or "privacy protection" software.
The infection method is usually this: while surfing the Internet with Internet Explorer, a window will pop up, telling you that your machine is infected and asking you to run or install the cleaner; regardless of whether you click yes or no, it installs the malware.
Typically the machine will begin displaying pop-ups informing you that your machine is infected and asking if you want to clean it. It will even pretend to scan and will show you “infected” files. Your desktop background may be replaced with a warning screen (this screen is often not a regular background, but a web page that re-infects your machine any time you click on it). The pop-ups are highly annoying, and their sheer number can make your machine almost unusable. The “antivirus/antispyware” will tell you that it is unable to clean your machine and will ask that you buy the “full version” to allow it to do so.
That’s bad enough; however, the software is being bundled with other Trojan downloaders (often Trojan.zlob variants) so that your system will automatically download more malware; keyloggers (applications which track all keystrokes on a machine, looking for passwords, credit card #s, PINs and so on) are one of the common types of malware that can be installed without your knowledge once the downloader Trojan is at work. At the minimum, the attacker will gain access to your email; if you have online banking or purchasing, the attacker may be able to compromise your accounts or steal your identity.
The following is a section of an article from InfoWorld online, written by Roger Grimes, a security adviser.
“The first major threat going around these days is known as XP Antivirus 2008, though it's also known by a few other similar names. A user is socially engineered into installing a bogus anti-virus program, which then, in a not so startling development, detects thousands of malicious viruses, and prompts the user to buy their program to get rid of the malware. Often the only malware program the user has is the XP Antivirus 2008 program itself.
The interesting aspect of this malware program is its capability to modify the normal Microsoft Windows desktop to look as if the status bar is sending an alert message indicating a virus infection. The alert warning looks like an official Microsoft Windows warning, bubbling up from the area where you normally expect legitimate programs to be. The XP Antivirus 2008 program install looks just as official, but once installed asks for money to get rid of the supposed viruses or starts stealing confidential information.
Too late, most users realize they have been scammed by the malware program. The Internet is full of sites and tools attempting to help users disinfect their PCs. Most solutions don't work, no matter how well intended. The malware program is programmed to prevent easy cleanup, including blocking access to Web sites that can offer good help and preventing legitimate cleanup tools from running.
My advice with any successful malware-exploited PC is to back up the data, format your drive, re-install your programs, fully patch, and begin all over again. Change your online passwords and PINs, monitor your credit, and begin your cyberlife anew. Today's malware is criminally motivated and trying to steal all your money, one way or another.”
TO AVOID INFECTION:
1) If you get a popup that tells you that you need to install an anti-virus/anti-spyware program, DON’T. IMMEDIATELY quit your web browser and restart your computer by using the Shut Down command. (Start=>Shut Down).
2) Don’t install any antivirus, antispyware or privacy software without asking your tech person about it (Scott Wilson scott.wilson@okstate.edu 405-744-4414, Levi Arnold levi.arnold@okstate.edu 405-744-7847, or Mick Hoeltzel, 405-744-4390). Several of the infections we’ve seen were caused by users installing such items. In general, all Extension computers should be running McAfee Enterprise AntiVirus and Spybot S&D antispyware. AVG’s antispyware is also good, as is Ad-Aware, although you MUST purchase a license to use Ad-Aware on a work computer.
3) When possible, use a web browser besides Internet Explorer. Although infections that target all browsers exist, IE is still the most likely to allow unwanted access to your system. Firefox (http://www.firefox.com) is an excellent choice.
An infection of this type can cause serious problems. Please be careful about what you download, and we’ll all have an easier time.
