Antivirus 2009 Scam

Watch Out Suckers

I had a problem connecting a JVC DV camera to XP. It's either a driver problem or a defective cable/component. I googled for a driver, or a possible solution. Google came back with a number of pages that may contain the answer to getting XP to see the device.

First link I followed took me to a hardware site, but had the wrong camera. The second link I followed launched a scare attack to frighten me into buying Antivirus 2009. Browser windows with alert boxes leapt at to warn me of impending doom on my windows XP machine.

I run Linux, so I was suprised to learn that my machine was now running windows XP and that I was infected with Viruses, Trojans, and other nasties. The online scan, found file after file was infected and countless dll's too. Strange. I have been running Linux for years on this box and I have never seen a dll on it or any other Linux system. I always thought that dll's were part of the windows world.

I declined the scan, but it was generous enough to go ahead anyway, and found 517 trojans on my machine. 362 trojans were located on my C:\ drive, and a further 155 trojans on my D:\ drive. Now I knew something was amiss, as I don't have a C:\ or D:\ drive on my Linux box. My hard drives are:

/dev/sda1 - for my OS.
/dev/sdb1 - for my data.

After the scan finished, I killed the browser and the pop-up dialogue boxes, and checked to see who may be doing this.

Here's an image of the scan on my "Linux / Pseudo Windows" box:

Your Gonna Pay

If you running windows XP, I suggest you don't go there without first disabling Javascript in your browser.

The site redirection took me to:

http://antispywareliveproscan.com/promo/1/freescan.php?nu=880135

I did a whois on the domain and found it was registered to a:

Luzi A Matzig, Lumpinee, Thailand.

The redirect started from:

http://glossyfloors.com/qayfu/thexw/connection/connection.htm

I did a whois on that too and it belongs to Joel Weinstock, at some bogus address in New York.

I know a dude who was attacked by this scare tactic and fell for it. He downloaded a file to scan and clean his system, and actually paid for the product. The product went on, soon after, to hose his system.

If you find you have been snared by this system, don't click on the browser or any of the so-called buttons. To kill the browser and the pop-ups, hit alt-F4, to close a window. If its persistent, press the reset button to reboot your computer.

DO NOT, run the downloaded file. You will embed a trojan into your system, and can have LOTS of fun cleaning up your system after.

I have a few more pix of the scam that I will post later. Its late now and I need to get to bed.

That's all folks!