Rogues Rise Again

by Michael on September 5th, 2006 in Researcher Comments.

Todays topic: rogue anti-spyware has surfaced again, after livening up their old tricks. Not that we can say we're surprised. Trick of the day: VirusBurst.

Fake anti-spyware software designers have been working hard to change interface and the names of their programs, but it's still the same scam: showing phoney spyware alerts on your computer to manipulate you into buying a product.

Bleeping Computer, a web community with a focus on computer technology (or, in their own words, "to turn your #$@!* computer that never does what you want it to do, to one that you praise as a well tamed tool") has let us in on the latest rogue anti-spyware program, called VirusBurst. VirusBurst is a variant of the "Smitfraud" rogue, which you can read about in our September newsletter.

VirusBurst is usually installed by a Trojan that automatically downloads and installs the program. It uses the C:\Windows\System32\eowygj.dll file to infect your computer.

How do you know if you've been hit by the scam? You'll receive warnings in your taskbar that you've been infected with spyware, along with a recommendation that you use an anti-spyware tool.

The text that currently pops up reads, "System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click this balloon to get all available software." Clicking on the fake alert brings you to a commercial version of VirusBurst.

A forum on Bleeping Computer has instructions on how you can remove VirusBurst. If you've been infected, we recommend visiting the Bleeping Computer forums.

Or, update the new definition file updates at our Security Center, where you will find VirusBurst in detection.