Thursday, February 28, 2008

Rogue XP downloads for "security" in comments


Tonight, I found a comment on one of my blogs, that consisted of the word “here” with a link to a blogspot entry. However, that entry had been equated to xpantivirus dot com. Apparently the comment poster had an account and was able to bypass the monitoring of comments. I did delete the comment. If a visitor finds another such comment, it should be ignored. The visitor can email me, but I check the comments regularly for validity, even those that have bypassed monitoring.

I suspect that there will be more said about "comment monitoring security" in the Blogger community soon. Watch the boards for it.

If one clicks on that link, one gets a warning box near the task bar suggesting that the computer is infected, and that the product must be purchase. If McAfee Site Advisor is installed, the computer will simultaneously display the McAfee Site "red rating" page warning (the user may have to re-maximize the browser to see the warning). A quick check in search engines about this item shows that it is fake. The box itself does not seem to hurt anything, but if the product were installed it might act as spyware, or at least try to get the user to purchase "security" products to remove phantom viruses.

Some sites report that when a computer (XP or Vista) is "infected: with XPantivirus, the computer will display the warning task bar box upon reboot.

McAfee’s reference to this issue dates back to Oct 2007 and is here.

Curiously, the item does not appear when searching McAfee for viruses.

Symantec (Norton) has this reference:

Sunbelt software gives this reference.
Sunbelt lists the names of applicable files and registry keys one can check for (with a Windows search) if one has clicked on this site.

When presented with an ad for anti-virus software, the visitor should always research carefully if the company is unfamiliar. Of course, use search engines – and ironically, that makes the whole subject of “reputation defense” relevant – for a novice software company, at least.

No comments: