It's the frakkin' Black Plague!

[neutralhills]

I had 39 systems come into my shop for disinfection this week. They all had the latest rogue AV applications making the rounds:

Win XP Antivirus 2008/2009 Pro
MS Antivirus
Anti-spyware 2008
...etc.

Up until now I could just pretty much throw COMBOFIX onto the systems and let it work its magic. Except over the past week the new variants all include a bastard of a rootkit component that can side-step COMBOFIX. I've had to resort to using UNHACKME 4.8 to knock out the rootkit component, follow it up with COMBOFIX, and then clean after those with MALWAREBYTES ANTIMALWARE and AVAST just to make sure I got everything. The bloom is off the rose for me with AVG 8.0. I'm extremely unhappy with the amount of crap that slips past the latest version.

Most of this rogue malware @#$% seems to be slipping in through either IE or poisoned Flash ads in the case of the Firefox users. XP and Vista are equally vulnerable. I've been sending the machines back out with Firefox 3 with the No-Script addon loaded to try and keep them from coming back into the shop again soon.

Anyone else seeing the same thing?

[zimbo]

mate personally im a NOD32 (dont quite like the new v3 - 2.7 was the best) and spyware doctor with xoftspy worse case throw in Hijackthis too!!

[zebulebu]

Quote:

Originally Posted by neutralhills

I had 39 systems come into my shop for disinfection this week. They all had the latest rogue AV applications making the rounds:

Win XP Antivirus 2008/2009 Pro
MS Antivirus
Anti-spyware 2008
...etc.

Up until now I could just pretty much throw COMBOFIX onto the systems and let it work its magic. Except over the past week the new variants all include a bastard of a rootkit component that can side-step COMBOFIX. I've had to resort to using UNHACKME 4.8 to knock out the rootkit component, follow it up with COMBOFIX, and then clean after those with MALWAREBYTES ANTIMALWARE and AVAST just to make sure I got everything. The bloom is off the rose for me with AVG 8.0. I'm extremely unhappy with the amount of crap that slips past the latest version.

Most of this rogue malware @#$% seems to be slipping in through either IE or poisoned Flash ads in the case of the Firefox users. XP and Vista are equally vulnerable. I've been sending the machines back out with Firefox 3 with the No-Script addon loaded to try and keep them from coming back into the shop again soon.

Anyone else seeing the same thing?

Yep. Its definitely infected banner ads - brought to you by the good folks at AdTraff exploiting the stupidity and lax security protocols at Doubleclick. Been going on for well over a year now, but I've definitely noticed a larger number of infections in the past month. I've had eleven private jobs since the beginning of July - nine of which were malware infections without obvious vectors (P2P, warez etc). All of them were running pre-SP2 XP so vulnerable to shedloads of crap anyway, but more than half had some form of free AV (Avast, AVG) installed.

I even had it at work a couple of weeks back - a user told me she 'had a virus' - it was a scam for WinAntiVirus that had slipped under McAfee's anti-spyware desktop client radar and got past our Finjan defences as well. Its starting to get nasty again - after about two years of relative quiet where they seemed to be focussing on Storm and its variants as drop vectors, they seem to have cottoned on big time to the DART malicious ad redirect route and its variants.

[VantageIsle]

Yep, likewise.
Over the past three weeks I have delt with over 5 virus infections. All had slipped by Norton wich we have the misfortune to use at work. The worst one I have seen appeared last week, it was a hijack of IE that kept on prompting for some spyware removal add-in to be installed, blocked access to task manager and add and remove programs (yes, even from the command line) managed to remove it in safe mode only for it to respawn on normal startup. Thats a reinstall then. Over viruses I manged to remove, but rebuilt the machines as a precaution.

On a side note, I have been using AVG free for over a year now, I'm thinking of investing in an antivirus program for home use as I hear AVG is not as effective as it once was.

[dales]

On a similar note someone gave me their home laptop to have a look at, its the first virus I've ever seen that im actually really impressed with. They had the advanced antivirus 2008 version of spyware/virus, and I must admit that it looks really good. In that I mean the way it does actually look like a fairly genuine bit of antivirus software. Got to hand it to those particular set of virus writers its a genius idea, even if they are scum of the earth!