Scareware targets users infected with industrial espionage worm
Posted on 16.07.2012
ACAD/Medre.A, a worm that steals AutoCAD drawings and sends them to remote servers, was recently discovered infecting a great number of computers in Peru and some other Latin American countries.

As interesting as the malware may be, its geographically limited eruption probably means that not a lot of people have heard or worried about it. Still, those who have and are searching for tools to remove it might be in for another nasty surprise, as ESET researchers have unearthed a website seemingly offering one such tool.

But bizarrely enough, the description the site gives of how the worm behaves and the damage it does on a computer is completely innacurate.

It says that the worm redirects searchers, changes the desktop image, slows down the computer and the Internet, makes unwanted windows pop up, corrupts the Windows registry, "contains" Trojans and keyloggers and, finally, that it "displays numerous fake infections of exaggerated security threats on your computer and then state that you should purchase the program in order to remove the infections."

The site also says that the manual removal process for the malware is a "cumbersome procedure" that "does not always ensure complete deletion", then continually prompts users to download a removal tool that would ease the process considerably.

The tool in question purports to be Spyware Doctor, by legitimate software manufacturer PC Tools, but it's nothing of the sort. The downloaded executable installs three files on the computer: FixNCR.reg, "SpyHunter-Installer.exe, and SpeedyPC Pro Installer.exe.

The first one claims to delete the registry entries modified by ACAD/Medre.A, but does nothing of the kind. Instead, it deletes other, harmless ones.

The second one supposedly detects the worm on an infected systems. Not surprisingly, this tool also doesn't work as advertised.

The third one seems to be doing a good job, as it detects all of 63 different malware installed on the system - including the aforementioned SpyHunter - but not ACAD/Medre.A.



For the umpteenth, the user is urged to buy the solution that will get rid of all this malware - a solution that will cost him $119 per year.

And in case he might still be unsure whether to do that, a working "Live Expert 24/7" chat service available from the site is there to try to lead him in the right direction.






Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //