Stopping fake "antivirus" programs

**tracyprier** · 06-15-2011, 02:05 PM

Hi all

Every now and then one of our computers gets hit with one of those fake antivirus programs. The latest is the "windows xp recovery" one.

Is it possible to stop these via untangle antivirus or even another of the UT modules?

thanks
Tracy

**sky-knight** · 06-15-2011, 03:16 PM

Most of these buggers are getting in via out of date Java installations, or ancient non-updating Acrobat Reader 8.0 installs.

Untangle's AV helps, as does strong desktop AV. But if you want to prevent them, update your stuff.

**dashpuppy** · 06-15-2011, 10:26 PM

Originally Posted by sky-knight

Most of these buggers are getting in via out of date Java installations, or ancient non-updating Acrobat Reader 8.0 installs.

Untangle's AV helps, as does strong desktop AV. But if you want to prevent them, update your stuff.

Very true.

Most people just click NO don't update and ignore the fact that updates are important.

**f1assistance** · 06-16-2011, 03:00 AM

If users have unhindered access to the interweb along with permission to run/install, and you marry this with their curiosity and compulsive need to click, malicious software taking up residents on that machine cannot be stopped...
I personally appreaciate SSL/TLS for my own privacy, but am concerned and frustrated with the lack of visibility and control realized as an admin.

It's the age old game of cat and mouse with no end in site...stay tuned as the saga continues.

**dashpuppy** · 06-16-2011, 11:38 AM

Originally Posted by f1assistance

If users have unhindered access to the interweb along with permission to run/install, and you marry this with their curiosity and compulsive need to click, malicious software taking up residents on that machine cannot be stopped...
I personally appreaciate SSL/TLS for my own privacy, but am concerned and frustrated with the lack of visibility and control realized as an admin.

It's the age old game of cat and mouse with no end in site...stay tuned as the saga continues.

Good thing Ubuntu is free and MORE Support than ever before!

**sky-knight** · 06-16-2011, 02:51 PM

A change in OS will not cure the end user of bad habits. I don't care how good it is, the threats will simply change to match the new paradigm.

**Tango_Kilo** · 06-18-2011, 09:09 AM

Also the fact Java runs on *nix as well, there are cross platform attacks. I can't help but feel a bit of schadenfreude with the recent wake up call Mac users have gotten from Mac specific malware.

The big 3 to patch or disable are Java, Flash Player and Acrobat (and/or Reader). Truly any PDF handler if you wish to be honest, Adobe just has more attack vectors than others, but none are fully immune from a malicious PDF. Taking simple steps to disable Java, opening 3rd party files and multimedia content (all are enabled by default) within your PDF handler go a long way towards protecting against the "next" wave of PDF based attacks.

**Danp** · 06-18-2011, 06:22 PM

I actually got hit with one of these for the first time today. Looks like AndroidCentral is under attack and spreading malware.

Thread: Stopping fake "antivirus" programs

LinkBack

Thread Tools

Stopping fake "antivirus" programs

Social Engineering Just Works!

Posting Permissions