Copyright Notice

All articles are licensed under a Creative Commons License.
Every post is the opinion of the author. Contact Us for any issues.

SPYwareREMOVER - Another Rogue Anti-Spyware

February 28th, 2008 by AndyAtHull

Whilst I have the opportunity to blog and catch up on things, I thought I’d update you on a new rogue anti-spyware roaming about on the net.

Called SPYwareRemover, this rogue displays a fake alert message and downloads, then installs the rogue. Their website also uses several key phrases which can cause confusion and fool computer users into thinking this is a legit and leading application:

Windows® Anti-Spyware and World’s #1 Spyware Remover.

SPYwareREMOVER Site

As the arrows point out, the confusion lies within the site's attempts to pass it off as something great.

When automatically installed and scanning, it looks like this:

SPYwareREMOVER

And the guys behind this are none other than C-NetMedia. Ben Edelman has a nice article about them here.

Website URL or link:

www(dot)spywareremover(dot)com

So where do you go if you have had this appear on your system? Good question. We have our own guide linked at the end of this article. But just be careful of removal guides out there that exist to gain financially by having you purchase a product in order to remove the infection, SpywareRemover. Our guide is 100% free.

Has this affected you? Then chat to us about this in our forum and put your views out there.

Removal Guide: SPYwareREMOVER removal instructions

Filed under Rogue Programs, Security Related | No Comments »

Valentine’s Day? More like “Headache Day”!

February 14th, 2008 by AndyAtHull

OK, yesterday evening someone contacted us about something which concerned them. Especially yesterday of all days, Valentine’s Day, where a lot of money was to be earned.

… I want you to remember that before you move on. As it will play a part later on …

I will be focusing on 123greetings.com. This site has been known to be bad for some time now. SiteAdvisor classes it as a red/bad site and it’s not high on my choice of sites to go to when it comes to online cards. In fact it’s nowhere to be seen on my choice list.

But imagine that you are a user with no computer experience. Go “uhhh” when you and your friends talk about a pop-up blocker and essentially haven’t got a clue when you hear the words “microsoft windows“. Essentially you wouldn’t know what WinFixer is or other rogues are either by that point.

Well imagine then how you go surfing online, because you want to send your loved one an e-Card as it’s Valentine’s Day. Nothing wrong with that at all. But then you get bombarded with pop-ups, flashing images and general stupid things you don’t want. Namely pop-ups for WinFixer. You’re so angry, you contact the site in question and get the following reply:

123Greetings.com Reply

“… our business model requires that we generate revenue through the use of pop-up/pop-under advertising. Eventually our pop-up ads will go the way of other technologies that are no longer useful, but at this time they are the only way we can employ the people to make the cards in order to give them away free. Please visit our advertisers in order to keep our cards free.”

… and also …

“… as you find these pop-ups irritating, I suggest that you use the software of your choice to block the pop-ups and make your card sending experience more enjoyable.”

So as we find these irritating and damn right annoying, we should all use software to block pop-ups? What about individuals below the age of eighteen who may not have a clue what this is? Or the elderly? Would you expect everyone to know this? Unlikely.

I have no problem with the use of adverts as long as they are clean and don’t scam computer users, or come popping-up as often as Rambo. However the adverts we encountered are not clean and certainly annoy the crap out of you. Even when I tested this myself, we had a whole lot of WinFixer adverts pop-up.

123Greetings.com - WinFixer Advert

Going back to there being a lot of money to be earned on Valentine’s Day: the site in question is number one on Google for cards about yesterday’s occasion. So the potential revenue they went on about above will be a bucket full with extra visitors.

123Greetings.com Google Results

But that still doesn’t justify what the reply stated. To just “happily inform that complaining users should install a pop-up blocker“. Lazy tactics.

We’re awaiting a reply from the site to see if they wish to clear things up. I’m not holding my breath though.

What does this highlight? Well, the response from them highlights that revenue speaks louder than customers’ concerns. No matter who you are or how educated you think you are, telling you that “you need to get a pop-up blocker” is an easier solution for them than investigating the offending advert. But we’ll keep an eye on this.

Has this been a concern of yours? Want to get it off your chest? Chat about it here.

Update - 16th of Feb 2008: An email has been received. Also, it appears that the script for WinFixer has been removed.

Filed under General, Security Related | 2 Comments »

“Valentines’ Day” Storm Trojan - Beware!

February 11th, 2008 by AndyAtHull

As with every holiday and occasion in the world, guys behind malware will always create something to fool you with. Playing on emotions you could say.

The next malware to be careful about is a “Valentines’ Day” Storm Trojan, a variant of the Storm Worms. Security Cadets reader and author of WinPatrol, Bill Pytlovany, goes into detail on his blog, advising readers to watch out for the following subjects in an e-mail in the run-up to Valentine’s Day:

  • Our Love is Free
  • Happy Valentines day
  • I Would Dream
  • Hugging My Pillow
  • Inside My Heart
  • Sending You My Love
  • The Dance of Love
  • Eternal Love
  • A Rose for my Love

There are likely to be more subjects in the run-up to Valentine’s Day. So these next few days, when you are looking at your email, just bear in mind the subject titles above.

Remember, do not click on anything suspicious and always report suspicious items to the relevant guys. You can contact us or post details in our forum.

Filed under Security Related, Spam | 1 Comment »

A rogue on heat - VirusHeat

February 8th, 2008 by AndyAtHull

First time in a long time that we have directly posted about a rogue. In fact it was over a month ago.

Today we will be highlighting a rogue called VirusHeat. And as you can figure from the screenshot below, this one is a variant/clone/sister of VirusProtect, VirusProtectPro and many more. No surprises there.

VirusHeat

The details on who is behind it are no different either. Estdomains Inc and Ukrtelegroup Ltd are listed on the whois. And the URL to the infected site is:

www(dot)virusheat(dot)com

Avoid going to the site, unless you really know what you are doing.

Of course, once you have this flashing at you at 100 mph, you want to know how you can remove it. Well, we have an automated removal guide in place HERE. But you can also get step-by-step guidance with a helper in our forum.

Have you been infected with this? Or have you got a question? Chat about it in detail here.

Filed under Rogue Programs, Security Related | 12 Comments »

Introducing Malwarebytes’ Anti-Malware

February 3rd, 2008 by AndyAtHull

It’s been a long time since I last blogged about something useful. I’ve just been snowed under with several projects and training. However I wanted to pause all of that to introduce to you a new product out there in the security world. One I have had the pleasure to test and see grow.

Malwarebytes’ Anti-Malware

What is Malwarebytes’ Anti-Malware or in a shorter term, MBAM? Well:

“Malwarebytes’ Anti-Malware is considered to be the next step in the detection and removal of malware. We compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware. Malwarebytes’ Anti-Malware can detect and remove malware that even the most well-known Anti-Virus and Anti-Malware applications on the market today cannot.

Malwarebytes’ Anti-Malware monitors every process and stops malicious processes before they even start. The Realtime Protection Module uses our advanced heuristic scanning technology which monitors your system to keep it safe and secure. In addition, we have implemented a threats center which will allow you to keep up to date with the latest malware threats.”

… according to Malwarebytes.org who have produced it. So that gives you a pretty good feel for it I hope.

From testing it myself, when it was in the early stage to now, there is a fast improvement. From creating other products, all of the experience gained has certainly been put into use for this application.

One point I’d like to raise is the speed of the scans, be it a quick or full scan. It certainly has been programmed correctly this way. Some applications out there that work in a similar fashion have always been bloated and take too long to scan. MBAM doesn’t.

MBAM also includes FileASSASSIN, which is an application that can delete locked malware files on your system. It uses advanced programming techniques to unload modules, close remote handles, and terminate processes to remove the file. However, use this with caution, as deleting critical system files may cause system errors. We would always suggest seeking advice in support forums.

It has all the features like an in-built updater, log files list (useful to have and post on support forums). Along with a quarantine and general settings area. But is all of this just another application that we already have out there? Well yes, but then also no. Yes because generally everyone wants to create one and no because this application is like no other. It is unique in almost every sense. It was designed to be that way.

It’s fast and simple to use, but effective. And a good enough asset to have in removing malware from a system. But note that this alone will not delete every malware out there. By no means can it be like this as the speed of malware that is created is frightening.

Having tested this until it became public a few weeks ago, I can see a bright future for this application, because the main author and the other individuals who contribute, dedicate their time to help others. Probably all in their own time and for free. That alone is beneficial in the success of this program. It has dedicated individuals making it be better and better for the consumer. And be there to beat malware from your system. I can also see this application replacing one or two of the recommended commercial applications we use to remove certain types of malware.

Have you tested this? Want to put your point across about there being another anti-malware application? Then let us know! We strive to put any input you make forward to the author.

Links:- MalwareBytes’ Anti Malware Product Page 

Filed under Product Reviews, Security Related | 1 Comment »