TradeMe Malware

Discussion in 'NZ Computing' started by Jonno, Oct 3, 2010.

  1. Jonno

    Jonno Guest

    Anybody get the Malware or know anybody who got the Malware from TradeMe
    Thursday or Friday?
    <http://www.stuff.co.nz/technology/digital-living/4192645/Trade-Me-malware-glitch>

    Not sure if it was the same one but had a friend who was infected with the
    "Antivirus IS" bug on Friday. Was that the one?
    Removed it from his machine by following the uninstall guide from
    bleepingcomputer.com. Worked fine. Great site that.
    <http://www.bleepingcomputer.com/virus-removal/remove-antivirus-is>
     
    Jonno, Oct 3, 2010
    #1

  2. Jonno

    Matty F Guest

    Jonno wrote:
    > Anybody get the Malware or know anybody who got the Malware from TradeMe
    > Thursday or Friday?
    > <http://www.stuff.co.nz/technology/digital-living/4192645/Trade-Me-malware-glitch>


    The problem was not very well expressed by TradeMe.

    I understand that in order to become infected:
    1. You had to click on an advert.
    2. You had to believe that your machine was infected just because a
    website told you so, when you didn't go there to have a virus check.
    3. You had to download some dodgy software.
    4. You had to run that software.
    5. You then failed to notice that data was going in or out of your
    machine
     
    Matty F, Oct 6, 2010
    #2

  3. Jonno

    Jonno Guest

    "Matty F" <> wrote in message
    news:...
    >
    >
    > Jonno wrote:
    >> Anybody get the Malware or know anybody who got the Malware from TradeMe
    >> Thursday or Friday?
    >> <http://www.stuff.co.nz/technology/digital-living/4192645/Trade-Me-malware-glitch>

    >
    > The problem was not very well expressed by TradeMe.
    >
    > I understand that in order to become infected:
    > 1. You had to click on an advert.

    Not sure about that. The one I've dealt to (Antivirus IS) appears to have
    been downloaded surreptitiously from either an advert or from a web site
    without any input from the infected user. It is the latest one of a number
    of similar malware out there.

    > 2. You had to believe that your machine was infected just because a
    > website told you so, when you didn't go there to have a virus check.

    Not on this one. The malware was downloaded and opened automatically at the
    next startup of the computer. It was in the form of a fake antivirus program
    that purported to be scanning your machine and reporting infection by many
    viruses. These reports are all fake and the purpose of the malware appears
    to be to get the unsuspecting user to buy the product to supposedly get rid
    of the viruses. If you did pay it would be bye bye money. The malware also
    alters settings in your internet browser so that you can't access the
    internet and alters other settings so that an executable file can't open.
    Therefore attempting to prevent you running a real antivirus program. It may
    also alter other settings including in antivirus programs rendering them
    unusable.

    > 3. You had to download some dodgy software.

    This malware was downloaded surreptitiously.

    > 4. You had to run that software.

    This malware ran automatically and was not picked up by antivirus software
    unfortunately.

    > 5. You then failed to notice that data was going in or out of your
    > machine

    From what I can gather that was not the case and there was no other payload
    from this malware other than the attempt to get money for a fake antivirus
    program and of course the nuisance value.

    I have now seen five cases of this nuisance all from older people who were
    just surfing the web. None of these people seemed likely to have been
    visiting porno sites or sites that might usually be associated with malware.
    All ran antivirus software but it seems as though this particular malware
    may not have been included in their latest updates. Luckily removal of the
    malware has been fairly easy.
     
    Jonno, Oct 6, 2010
    #3
  4. Jonno

    PeeCee Guest

    "Jonno" wrote in message news:...

    Anybody get the Malware or know anybody who got the Malware from TradeMe
    Thursday or Friday?
    <http://www.stuff.co.nz/technology/digital-living/4192645/Trade-Me-malware-glitch>

    Not sure if it was the same one but had a friend who was infected with the
    "Antivirus IS" bug on Friday. Was that the one?
    Removed it from his machine by following the uninstall guide from
    bleepingcomputer.com. Worked fine. Great site that.
    <http://www.bleepingcomputer.com/virus-removal/remove-antivirus-is>



    Got one yesterday that 'may' have been from Trademe.
    Owner noted it arrived while they were browsing Trademe 'last week'

    Classic 'scareware', called itself "Smart Security"
    Not listed in Programs and Features.
    Two shortcuts on the desktop, one to Smart Security, the other to "Computer"
    with a mouse over bubble along the lines of "Computer folders and files".
    Both shortcuts pointed to c:\program data\b50823\smb50_302.exe the sneaky
    buggers.
    (first time I've seen them poked into 'program data' too)

    Dead lucky picking this one up as being a window popped up seeking
    permission to allow connections to the new network (my LAN) for
    'smb50_302.exe' so was able to kill it before it got out.
    MSE identified it as Win32/FakeVimes.

    Best
    Paul.
     
    PeeCee, Oct 6, 2010
    #4
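
The shortcut pattern described in post #4 (two differently named desktop shortcuts, one imitating "Computer", both pointing at one executable under 'program data') can be checked for when triaging a machine. This is an added example, not part of any post in the thread; the function name, directory list, shell-name list and two-indicator threshold are assumptions, and only the first two sample rows come from the post.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed list of directories a non-admin process can usually write to.
# "program data" (with a space) is kept because the post spells it that way.
USER_WRITABLE = {"programdata", "program data", "appdata", "temp"}
# Assumed list of shell item names a decoy shortcut might imitate.
SHELL_NAMES = {"computer", "my computer", "network", "recycle bin", "control panel"}

def triage_shortcuts(shortcuts, min_reasons=2):
    """shortcuts: iterable of (display_name, target_path) pairs, e.g. exported
    from the desktop's .lnk files. Returns {target: [reasons]} for targets
    showing at least min_reasons indicators (one alone is too noisy)."""
    names_by_target = defaultdict(list)
    for name, target in shortcuts:
        names_by_target[str(PureWindowsPath(target)).lower()].append(name.lower())

    findings = {}
    for target, names in names_by_target.items():
        path = PureWindowsPath(target)
        folders = set(path.parts[1:-1])  # directories between drive and file
        is_exe = path.suffix == ".exe"
        reasons = []
        if is_exe and folders & USER_WRITABLE:
            reasons.append("executable lives in a user-writable data directory")
        if is_exe and path.name != "explorer.exe" and SHELL_NAMES & set(names):
            reasons.append("shortcut named like a shell folder launches a program")
        if len(set(names)) > 1:
            reasons.append("differently named shortcuts share one target")
        if len(reasons) >= min_reasons:
            findings[target] = reasons
    return findings

# Rows 1-2 are the shortcuts reported in the post; rows 3-4 are constructed.
SAMPLE = [
    ("Smart Security", r"c:\program data\b50823\smb50_302.exe"),
    ("Computer", r"c:\program data\b50823\smb50_302.exe"),
    ("Firefox", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    ("Notes", r"C:\Users\owner\AppData\Local\Notes\notes.exe"),
]

if __name__ == "__main__":
    for target, reasons in triage_shortcuts(SAMPLE).items():
        print(target)
        for reason in reasons:
            print("  -", reason)
```

A program with a single, honestly named shortcut stays below the default threshold, so pass `min_reasons=1` when a broader sweep is wanted.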
  5. Jonno

    Jonno Guest

    "PeeCee" <> wrote in message
    news:i8isem$j1f$...
    > "Jonno" wrote in message news:...
    >
    > Anybody get the Malware or know anybody who got the Malware from TradeMe
    >
    > Got one yesterday that 'may' have been from Trademe.
    > Owner noted it arrived while they were browsing Trademe 'last week'
    >
    > Classic 'scareware', called itself "Smart Security"
    > Not listed in Programs and Features.
    > Two shortcuts on the desktop, one to Smart Security, the other to
    > "Computer" with a mouse over bubble along the lines of "Computer folders
    > and files".
    > Both shortcuts pointed to c:\program data\b50823\smb50_302.exe the sneaky
    > buggers.
    > (first time I've seen them poked into 'program data' too)
    >
    > Dead lucky picking this one up as being a window popped up seeking
    > permission to allow connections to the new network (my LAN) for
    > 'smb50_302.exe' so was able to kill it before it got out.
    > MSE identified it as Win32/FakeVimes.
    >
    > Best
    > Paul.


    Thanks Paul sounds similar. Seems there is a whole clutch of fake antivirus
    malware about just now.

    Jonno
     
    Jonno, Oct 7, 2010
    #5