Archive for the ‘Anti-Virus/Malware’ Category

Fake MS Malicious Software Tool

While surfing the net this morning I received this pop-up window.  It looked just like it came from the Windows Update, lower right corner.  After a few seconds without clicking on anything, a download window with an executable file popped up.


However, I was using the Firefox browser and knew something was wrong.  I stopped all Internet activity with Zone Alarm firewall so I could investigate and kill it.  The average user would likely have installed this thing.

Troj/Tfactory-A

Troj/Tfactory-A is a Trojan which claims to remove spyware and adware from your computer.

Web surfers are presented with what appears to be a popup window advising them to download the latest version of Microsoft’s Windows Malicious Software Removal Tool. In reality, the popup window is just part of a larger image that takes up most of the computer screen. If the user clicks anywhere on this image, his computer will then begin to download the Trojan program.

Troj/Tfactory-A sets various registry entries and downloads various dummy files, so that it can then report these dummy installations of spyware and adware, in an attempt to coerce users into buying spyware and adware removal software.

Troj/Tfactory-A displays popup messages with text such as:

‘This notice is brought to you by Windows Security Center.’
‘Download spyware remover now and run full system scan to remove trojans, viruses and spyware from your PC…’
‘Your computer running slower than usual! It maybe infected with dangerous spyware or adware. Full system scan is highly recommended to remove possible malicious spyware from your computer.’
‘Windows Security Center – Alert!’
‘Windows Security Center has detected spyware activity on your computer! Click here to remove spyware…’
‘Click here to remove spyware and adware from your computer immediately…’
‘Click to remove spyware and adware from your computer…’
‘Click here to remove spyware, adware, trojans and viruses from your computer…’
‘Protect your computer. Download spyware remover to remove spyware and protect your data and privacy.’
‘Windows has detected spyware on your computer! Full system scan is highly recommended to remove spyware.’
‘Danger! Spyware activity detected on your computer…’

Troj/Tfactory-A installs itself and downloads a long list of files.

see: http://www.sophos.com/security/analyses/trojtfactorya.html
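
The lure described above (a screen-sized image where a click anywhere starts an executable download) can be flagged in saved page HTML with a simple heuristic. This is an added example, not code from the original post or from Sophos; the size threshold, the extension list, the assumption that the image sits inside a link to the file, and the sample pages are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".msi")  # assumed set of risky download types
MIN_IMAGE_AREA = 600 * 400  # assumed cut-off for "takes up most of the screen"

# Constructed sample pages (not captured from the real campaign).
SAMPLE_LURE = """<html><body>
<a href="http://downloads.example.test/msrt-update.exe?id=1">
<img src="desktop.png" width="1024" height="768"></a>
</body></html>"""
SAMPLE_BENIGN = """<html><body>
<a href="/download/tool.exe"><img src="button.png" width="120" height="40"></a>
<a href="/gallery.html"><img src="photo.jpg" width="1024" height="768"></a>
</body></html>"""


class ImageLureScanner(HTMLParser):
    """Flags large images wrapped in a link whose target is an executable."""

    def __init__(self):
        super().__init__()
        self.current_href = None  # href of the enclosing <a>, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.current_href = attrs.get("href") or ""
        elif tag == "img" and self.current_href is not None:
            try:
                area = int(attrs.get("width") or 0) * int(attrs.get("height") or 0)
            except ValueError:
                area = 0  # sizes such as "100%" cannot be measured from markup alone
            # Compare only the URL path so query strings do not hide the extension.
            path = urlsplit(self.current_href).path.lower()
            if area >= MIN_IMAGE_AREA and path.endswith(EXECUTABLE_EXTENSIONS):
                self.findings.append(self.current_href)

    def handle_endtag(self, tag):
        if tag == "a":
            self.current_href = None


def scan_page(html):
    """Return the download URLs behind any screen-sized clickable image."""
    scanner = ImageLureScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

A small download button or a large image linking to an ordinary page is not flagged; only the combination of both signals is.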