NEWS FROM THE LAB - Tuesday, February 24, 2009

Error Check System Posted by Sean @ 16:55 GMT

Error Check System: As we pointed out in yesterday's post, the timing of the Facebook "Error Check System" application and the subsequent Google search results pointing to rogue antivirus sites was almost too perfect to be a coincidence.

It's entirely possible that the whole situation was designed to promote XP Antivirus variants such as "Antivirus 360" and "XP Police" (Rogue:W32/XPAntivirus). That's the formula: create something that spawns a search, then be ready to provide results that redirect to malicious sites.

XP-Police dialog

Either that or the bad guys are very quick on their feet and are ruthlessly opportunistic… They're both.

Let's take a look at another recent example.

Parking Tickets: That's right, parking tickets in North Dakota.

SANS blogged about it earlier this month.

Some North Dakotans found a yellow ticket on their windscreen reading:

  •  "PARKING VIOLATION This vehicle is in violation of standard parking regulations".

That sounds kind of familiar.

The supposed ticket then instructed the victim to visit a website where the driver could:

  •  "view pictures with information about your parking preferences"

To view the pictures, a toolbar needed to be installed, which then pushed rogues at the victim.

The BBC reported on it here.

Microsoft: Last October, Microsoft and Washington state started suing scareware purveyors. There are also some recent cases in which rogue bank funds were seized. Perhaps that's a good start, but it isn't nearly enough. The real bad guys aren't scared.

How's this for bold?

Many XP Antivirus variants hamper analysis by checking for an Internet connection. Our test networks need to be configured to provide the expected reply if we want to automate our analysis.

And what page does the rogue check for?

  •  http://update.microsoft.com/windowsupdate/v6/thanks.aspx
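The kind of "fake Internet" responder an analysis network needs for this check, as an added example that is not F-Secure's own tooling: it answers a GET for the Windows Update page quoted above with an HTTP 200 so the sample believes it is online, returns 404 for everything else, and records every request so the analyst can see what the sample tries to reach. It assumes the lab's DNS already resolves every hostname to the machine running it; the page body served for the probe is made up here, since the check only needs the request to succeed. The `fetch` helper is a test client for the responder, not part of any real tool.

```python
"""Fake-Internet HTTP responder for an offline malware analysis network.

Added example, not F-Secure's code. It serves the connectivity probe the
post describes (GET /windowsupdate/v6/thanks.aspx on update.microsoft.com)
with a 200, answers everything else with 404, and logs all requests.

Assumption: the lab DNS sinkhole points every hostname at this host, so the
Host header tells us which site the sample thought it was talking to.
"""
import http.client
import http.server
import threading
from datetime import datetime, timezone

# Connectivity-check URL quoted in the post.
PROBE_HOST = "update.microsoft.com"
PROBE_PATH = "/windowsupdate/v6/thanks.aspx"

# Constructed body; the real page's content does not matter for the check.
PROBE_BODY = b"<html><body>Thank you for using Windows Update.</body></html>"

# Every request seen, kept in memory so an analyst (or a test) can inspect it.
REQUEST_LOG = []


def classify_request(host, path):
    """Return (status, body): 200 for the known probe, 404 for anything else.

    Only the hostname part of Host counts (a :port suffix is dropped), the
    comparison is case-insensitive, and any query string is ignored.
    """
    hostname = host.split(":", 1)[0].lower()
    bare_path = path.split("?", 1)[0]
    if hostname == PROBE_HOST and bare_path == PROBE_PATH:
        return 200, PROBE_BODY
    return 404, b"not found"


class FakeInternetHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        host = self.headers.get("Host", "")
        status, body = classify_request(host, self.path)
        REQUEST_LOG.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "client": self.client_address[0],
            "host": host,
            "path": self.path,
            "status": status,
        })
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        # Keep stdout quiet; REQUEST_LOG is the record we care about.
        pass


def start_server(bind="127.0.0.1", port=0):
    """Start the responder in a daemon thread; return (server, bound port)."""
    server = http.server.ThreadingHTTPServer((bind, port), FakeInternetHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def fetch(port, host, path):
    """Test client: request `path` from the responder with a given Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Host": host})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    return resp.status, body


def probe_requests():
    """Return the logged requests that matched the connectivity probe."""
    return [r for r in REQUEST_LOG if r["status"] == 200]


if __name__ == "__main__":
    server, port = start_server(port=8080)
    print(f"fake internet listening on 127.0.0.1:{port}; Ctrl-C to stop")
    try:
        threading.Event().wait()
    except KeyboardInterrupt:
        server.shutdown()
```

A blanket "no network" sandbox fails this check, which is exactly why the sample does it; the responder has to answer that specific URL. Everything else the sample requests still ends up in `REQUEST_LOG`, which is usually the more interesting output.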

The XP Antivirus gang has been doing this for some time now… seems to us like a slap in Microsoft's face.

We would like to see Microsoft slap them back. Using a hammer.