Tuesday, January 20, 2009

Malware at SMU

From Fritz Speck:

XP Antivirus 2008/2009, the nastiest piece of spyware I've seen in a long time. I'm starting to get several infections of it a week at work -- and these include computers with up-to-date antivirus where people don't have admin rights.

If you hit an infected web page, it will warn you of having thousands of viruses and insist you download the software to scan for it. The software "scans" and tells you that you need to buy their cleaner. They then have your credit card number and you still have the virus. The New York Times estimated that they make about $5 million a year through these tactics.

I've seen these warnings on thin clients (which are so locked down no virus could be on them), and they wouldn't go away until you restarted. I've seen it turn off automatic updates and hide from antivirus software. I've seen it put icons on your desktop even if you don't actually download the software (click on them and you will). It puts rootkits on your computer.

Nasty stuff. The best cleaner is Malwarebytes from http://malwarebytes.org. So far, that's always cleaned it up.

The obvious advice: If you hit a web site that warns you that you have viruses, don't download anything from there. Get out of there and scan your system with something you have reason to trust. I don't know anything about Malwarebytes.org.

Note that if you try to get out of the scam it will scream at you that you're about to ruin your computer. The safest way to get out of there is Ctrl-Alt-Delete and use taskmaster to close down the browser.

Several SFWA members seem to have been infected from the LOCUS web site. Be careful out there!

Francis "Fritz" Speck

1 comment:

Anonymous said...

Mac users: disregard as usual...