Thursday, January 8, 2009

Strike Three

It seems that Major League Baseball has been serving up bogus ads for antivirus scanners, which in reality lead you to malware that takes over your computer. And this isn't the first time.
ScanSafe, a company that provides malware scanning for large companies, tracked banner ads served from the popular website for more than 72 hours. The ads use a modus operandi that's all too common: They present visitors with a popup masquerading as a Windows dialog box that informs them their machine has been struck by spyware and offers a rogue anti-virus program that supposedly will fix the problem.
Now you should be very suspicious any time you're browsing some random web site and you see a popup saying "d00d! Ur's like totally pwn3d! I gotz a free antivirus 4u!!!1!" Like this:


There are good, free antivirus scanners available, from reputable companies. Here are some that I recommend. Tell 'em Borepatch sent you, for an extra 10% off the low, low price of free.

Trend Micro House Call. You need Internet Explorer for this.

Eset Online Antivirus Scan. Probably need IE for this, too.

F-Secure Online Antivirus Scanner.

Kaspersky Free Virus Scanner.

Panda ActiveScan.

There are free downloadable antivirus scanners, too. Instead of running these in your browser, you install them and run them on your computer. I recommend all of these.

AVG Virus Scanner. We use this here Chez Borepatch, on the Windows machines.

Avast! Home Edition.

Clam Antivirus. It's a bit more manual (it identifies malware, but you need to delete it). But it's Open Source.

So there's no reason to go to the local bootlegger for your free antivirus needs.

2 comments:

ASM826 said...

So the trojan this popup installs, how do you get rid of it? I got a user's machine, I think it's clean and then the next day it's back.

Anonymous said...

Thanks for the info Ted. I think I am gonna try AVG on my home machines.

On another note, I love the text from that fake popup. "The spyware". Is that kind of like "The Walmarts"? It might also be a good idea to spell correctly, when trying to scam someone into believing you are legit.

/giggle