Scammers Use Microsoft and IRS Websites To Install Viruses On Computers – Antivirus 2009 And Other Spyware Programs
(Best Syndication News) Microsoft has been playing a cat and mouse game with computer viruses and malware. Recently criminals have been installing phony security applications that claim you have viruses and then take you to their website demanding money to get rid of them. One report states that these companies are able to make $5 million a year by charging $40 or $50 to get rid of nonexistent viruses.
Antivirus 2009 and Other Viruses
Microsoft has been fighting back. A recent update of their Malicious Software Removal Tool (MSRT) was able to remove "Antivirus 2009" from almost 400,000 PCs. Antivirus 2009 installs itself on a computer when the user visits a website. The bogus security application then begins to annoy users with pop-ups and warnings.
In November Microsoft was able to clean a million machines of the “Advanced Antivirus”, “Ultimate Antivirus 2008” and “Xpert Antivirus”. All three of those antivirus programs were actually viruses or Trojans.
Microsoft’s December assault focused on the "W32/FakeXPA" fake security software programs. These bogus programs are also known as "Antivirus XP," "AntivirusXP 2008" and "Antivirus 2009."
Microsoft’s new update will also clean your computer of "W32/Yektel," which works alongside W32/FakeXPA and is often bundled with the phony security software. Yektel is especially troubling because it will initiate false pop-ups in Internet Explorer (IE). These warnings mimic Microsoft’s own legitimate drop-down alerts.
New Ways To Install Viruses
There is a new technique for luring unsuspecting users into installing viruses on their systems. Criminals will use a combination of Search Engine Optimization (SEO) techniques and common redirects that can be found on Microsoft.com and the IRS.gov websites. Here is how it works.
When users are on the IRS website and click on an external link, a redirect warning alerts the user that they are leaving the IRS website. It is a friendly way to let you know that you are leaving their domain.
The redirects have a URL. Gary Warner uses this example on his blog: http://www.microsoft.com/ie/ie40/download/?//00119922.com/in.php?&n=837&t=download+fruityloops+6+free. That is a virtual page that Microsoft didn't create but was generated by the criminal. Microsoft has removed the link already, but it may have redirected you to a scammer.
The next step is to create the page that the redirect would go to. The page will automatically attempt to load a virus on your system.
The final step is to use inbound links to ensure that the URL pops up high in the search engines. The criminal will write articles on various blog sites with links pointing to the bogus generated redirect URL. Since the domain is a major government agency or company (like Microsoft or the IRS), Google will pick the URL up as having good page rank and include the link high up in their search results.
The above URL was for fruityloops 6 music mixing software, but it could also have been for other common software like WSFTP or Firefox.
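For site owners and mail or proxy filters, the redirect trick described above can be spotted mechanically. The following is an added example, not code from Microsoft, the IRS or Gary Warner's blog: it flags links on a trusted site whose query string carries a reference to a different host. The function names and the example.org and example.net URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# An absolute ("http://host") or protocol-relative ("//host") reference; group 1 is the host.
_EMBEDDED = re.compile(r"(?:https?:)?//([A-Za-z0-9.-]+\.[A-Za-z]{2,})", re.I)


def same_site(host, site):
    """True if host is the site itself or one of its subdomains."""
    host, site = host.lower().rstrip("."), site.lower()
    return host == site or host.endswith("." + site)


def foreign_redirect_targets(url, site):
    """Hosts referenced in the query or fragment of a link on `site`
    that do not belong to `site` (candidate open-redirect abuse)."""
    parts = urlsplit(url)
    if not same_site(parts.hostname or "", site):
        return []  # the link is not on the trusted site at all
    # Decode twice so a double-encoded target (%253A%252F%252F) is still seen.
    blob = unquote(unquote(parts.query + "#" + parts.fragment))
    found = []
    for match in _EMBEDDED.finditer(blob):
        host = match.group(1).lower()
        if not same_site(host, site) and host not in found:
            found.append(host)
    return found


def scan(urls, site):
    """Map each suspicious URL to the foreign hosts it points at."""
    hits = {}
    for url in urls:
        targets = foreign_redirect_targets(url, site)
        if targets:
            hits[url] = targets
    return hits


# The first URL is the one quoted in the article; the other two are constructed.
SAMPLE = [
    "http://www.microsoft.com/ie/ie40/download/"
    "?//00119922.com/in.php?&n=837&t=download+fruityloops+6+free",
    "http://www.microsoft.com/ie/ie40/download/?lang=en",
    "http://www.microsoft.com/ie/?next=http%3A%2F%2Fwww.microsoft.com%2Fwindows",
]

if __name__ == "__main__":
    for url, hosts in scan(SAMPLE, "microsoft.com").items():
        print(hosts, "<-", url)
```

Run over web server access logs or inbound link reports, a check like this shows which of a site's own pages are being used as redirect launch points, so they can be fixed to accept only an allowlist of destinations.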
If you are worried that you may have a virus, Microsoft has a tool to check. Here is the link:
By Mark Williams
Example of Bogus Website