homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

Fake Security Software Ring Shut Down

 10:41 am on Jun 23, 2011 (gmt 0)


About one million people are thought to have installed the fake security software, also known as scareware, and handed over up to $129 for their copy. Anyone who did not pay but had downloaded the code was bombarded with pop-ups warning them about the supposed security issues.

I had to clean this off my wife's computer a few months ago.



 12:16 pm on Jun 23, 2011 (gmt 0)

I had to clean this off my wife's computer a few months ago.

Narrative Voice: "This time it's PERSONAL! This ring messed with the wrong LAWMAN. The didn't see THIS coming. Now it's PAYBACK TIME."

Little Kid at his recently disinfected PC: "Thanks Lawman! You ROCK!"

I've come across this type of crap x2, where the only option I could come up with was to "not click anything in the pop-up" and do a CTRL-ALT-DEL and shut down the offending script/app - before it delivered its payload.


 2:20 pm on Jun 23, 2011 (gmt 0)

Glad they finally got Symantec! About time!


 2:26 pm on Jun 23, 2011 (gmt 0)

Don't allow the user "install rights"..no one needs to run as admin or SU unless they are at that moment testing for malware drive bys etc , and are in a virtual machine..

Easy ..if windows came out of the box with the same defaults as linux ..the scareware problem would vanish overnight.


 2:30 pm on Jun 23, 2011 (gmt 0)

Glad they finally got Symantec! About time!

Damn I was drinking coffee when I read that, you owe me a new screen! +1


 2:32 pm on Jun 23, 2011 (gmt 0)

? and the software was whom....


 3:05 pm on Jun 23, 2011 (gmt 0)

Hrm... this is why I have a MacBook Pro :)


 3:29 pm on Jun 23, 2011 (gmt 0)

Hrm... this is why I have a MacBook Pro :)

That's a good thing since MAC is so resistant to the same scam, right?

Let me introduce you to MacDefender which countless MAC noobs fell victim to.



 3:42 pm on Jun 23, 2011 (gmt 0)

I can imagine lawman as a sort of Adam West* with the muscle car and strat' ,to play the themes and "action music"..

I can even imagine the cape..

I'm trying to avoid imagining the tights ;-)

*that may have been Bruce Wayne ?


 4:47 pm on Jun 23, 2011 (gmt 0)

I can imagine lawman as a sort of Adam West

Nah, I'm imagining more like Wyatt Earp- tall, mustached, rugged looking.

With a muscle car! :)

Or if we're going for TV shows, a more rugged version of McCloud.

With a muscle car! :)


 5:15 pm on Jun 23, 2011 (gmt 0)

Both of those would mean he'd have to play twangy C & W ..and pedal steel and slide' even ..and rhinestone shirts..


 5:42 pm on Jun 23, 2011 (gmt 0)

Here's another one of she who must be obeyed:

You've some miles to go yet before you get to look like Rumpole..and Mrs Lawman is infinitely more cute than those who have played "Hilda".

what no strat' pics !


 6:15 pm on Jun 23, 2011 (gmt 0)

I have a face made for radio.

Okay, we'll let you wear wear a mask that has a false mustache on it. :)

"The New Adventures of Lawman, Peacekeeper of the Information Highway"
(roll credits)


 6:26 pm on Jun 23, 2011 (gmt 0)

Here's my other love

Ok, I'm confused, were these bad guys "shut down" or "run down"?

And why doesn't the dock go out into the water? Isn't it hard to drag the yacht through all that sand?


 6:29 pm on Jun 23, 2011 (gmt 0)



 6:50 pm on Jun 23, 2011 (gmt 0)

from the same source,
a younger days incrediBill



 8:12 pm on Jun 23, 2011 (gmt 0)

Sorry guys. Anyone want to help me get this Featured Thread back on track?


 10:02 pm on Jun 23, 2011 (gmt 0)

I had to fork out $60 for this scam just to get access to my computer so I could correct it. I was surprised McAfee didn't catch it but found StopZilla as a result. It got me again this morning but StopZilla, and now McAfee, both jumped on it right away. Now I'm disputing the purchase. Maybe I don't have to get a new credit card now.


 10:36 pm on Jun 23, 2011 (gmt 0)

Anyone want to help me get this Featured Thread back on track?

Sounds like Lawman's organizing a posse!

Sorry- couldn't resist one more! :)

My wife's computer had a virus that was similar. It kept popping up messages about being infected (looking VERY much like Windows error messages). She has Vista on her laptop and I'm not that used to it- it sounded very much like the messages were coming from some security suite in Windows. (So I can understand how so many people fall for these scams.) When I clicked on the link to "update your protection" and saw a price tag, I suspected something was fishy. Did a quick Google of the software name on my machine (the virus had disabled IE on her machine) and saw that it was, in fact, a scam. Was also able to find out how to eradicate it from her machine.

Maybe I don't have to get a new credit card now.

Did you enter your credit card information on their site or a 3rd party site? Besides just taking your money, they may have been collecting CC data to sell. You might want to get a card with a new number issued just to be on the safe side.


 11:04 pm on Jun 23, 2011 (gmt 0)

So I can understand how so many people fall for these scams.

Not so sure people are falling for these scams. I knew it was a scam when I ran McAfee and nothing showed up. And when they wanted money to fix the problem.

Bottom-line, the program that got me took over my computer. If I had a second computer I could have researched the issue, burned a copy of the solution on a disk, and corrected it on the infected computer. I didn't have that option and it was Sunday morning.

The program that got me was the equivalent of a digital strong-arm robbery or a ransom demand. I was livid. Both times I got hit I was at trustworthy news sites.

You might want to get a card with a new number.

You're probably right. I've been watching the card like a Hawk since this happened last Sunday. I have a lot of buyer protection programs. Today's article makes me hope the FBI have the servers with my number on it.


 1:11 am on Jun 24, 2011 (gmt 0)

So..the obvious question, to my mind, is, of those in this thread whose machines or the machines of their families were compromised by malware, whether installed by drive by or by manipulation.

Are those machines still running as "root" and open to the net ? ..Because if so ? ..it will happen again..and again..and etc..


 1:14 am on Jun 24, 2011 (gmt 0)

Buyer protection won't usually protect against use of your cards details by phishers collecting to sell on your data..because you handed the card details over..

Buyer protection is for when you buy something and it isn't delivered..or doesn't do what it said it would etc ..

You bought a fix..they delivered one ..the fact that the problem was of their making combined with the unthinking installation by yourself or someone else on your machine..isn't the credit card company's fault..nor the fault of their other customers..so why should either take the hit via insurance or higher premiums for all customers because some don't take basic precautions ..

Running as root when you don't need to is like leaving your car running with the keys in the ignition while you go around the corner for a coffee, in what you know is a rough area ..the innerwebs are not safe .webmasters should know that..better than anyone.

And amongst the first things that any new machine or install of any OS tells you is that it does not advise running as root or admin, due to the security problems that can bring you..problem is people ignore that message ..and then in windows any well crafted script can go through shells, and an "alert" box with "OK" on it will let you click and run as admin without asking for a password and maybe giving the operator time to think "is that really such a good idea"..

The weakest part of any IT security is the chair keyboard interface ..and on mobile devices and voice operated systems you don't even need to click OK to get pwned.

And in anticipation of the inevitable thoughts or comments of "my granny cant be expected to know or think of this" ..a computer is a high tech device ..in the wrong hands it can cause havoc a very long way ( around the other side of the world if its running as a zombie ) from itself ..

You wouldn't leave your granny at the wheel of a 40 ton truck or a 600 HP car with the keys in and the engine running and no supervision..and no safety measures in place ..like brakes :) or chocks, or with the trans ready to go from 0 to 300 on a click ..

Especially if all you needed to keep granny and everyone else safe was to make sure that she couldn't floor it without putting in a password and going to "I really know what I'm doing here formula 1 mode" ..and you wouldn't let her near the nitro switch..

[edited by: Leosghost at 1:46 am (utc) on Jun 24, 2011]


 1:34 am on Jun 24, 2011 (gmt 0)

Are those machines still running as "root" and open to the net?

I hope not. To the best of my knowledge the problem is gone. The article said they would place a legitimate ad first then replace it with a malicious ad second. I didn't get any indication the ads are self perpetuated. They got busted and servers were confiscated. I'm guessing after a few days the possibility of getting this virus/bad ad is gone.

Buyer protection is for when you buy something and it isn't delivered..or doesn't do what it said it would etc..

Or doesn't do what it said is what I'm basing my dispute on. The claims were fake, the solution was fake. Maybe I'll get my money back...


 1:43 am on Jun 24, 2011 (gmt 0)

I mean your machine ( and the machines of the others who have been hit ..not the bad guys servers or the delivery boxen) ..is your computer still running under an "admin" or a "root" account..?

'Cos if it is ..this will be the first of many such painful episodes ...


 1:53 am on Jun 24, 2011 (gmt 0)

The computer is my desktop at my house. I'm not running a network if that's what you are asking. I'm not real technical Leo, just a marketing/SEO guy. I think I took care of the problem and just caught the virus a second time from a second reputable news site the morning before the bust. There maybe a few more ads in the pipe before the problem is completely gone. I hope...


 2:31 am on Jun 24, 2011 (gmt 0)

Make them work in a forced labor camp somewhere in Turkmenistan.


 3:02 am on Jun 24, 2011 (gmt 0)

Is your account on your house computer ( we know its running some flavour of windows ) the admin account?

If it is ..it doesn't need to be ..create a "user" account..use that one for doing everything..especially on the web and email etc..

Only switch to admin ( give "admin" a password that must be typed in to become "admin" ) when installing software that you get in a real box that you can touch..

You'll save yourself a boatload of grief..and those who really know about security won't think you are a wuss for not running as admin ( why most people do run as "admin" ...."my damn machine and I'm running as the highest user, "admin" that's me..or only me and SO use it so.. we'll both be admin..cus its our machine" )..but will think you are sensible and not spreading the problem ..


 9:44 am on Jun 24, 2011 (gmt 0)

Everytime I came across another machine infected with this stuff, I just wanted to track down and punch that guy(s). How much world wide wasted time have they caused.

I hate to sound like an advertisement but once you've managed to kill the process, the best software to fix the machine is from malwarebytes.


 5:00 pm on Jun 24, 2011 (gmt 0)

Thanks for the advice folks.


 5:20 am on Jun 25, 2011 (gmt 0)

@Leosghost I think most people run as admin because they simply do not know how to create user accounts, or that such things exist.

You know that its a bit like driving a car without knowing how to use the brakes.

People are simply not prepared to be sensible about computers. Lots of people do not take backups until after the first time they lose valuable data.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved