The feds stepped up and nabbed a ring of scareware distributors who made millions of dollars distributing their scareware, also known as FAKE Antivirus. This is great news, but will it totally eliminate this form of online scams? The likelihood that this group or ring is the sole organization that distributes scareware is highly unlikely, but it will make a positive impact in the reduction of scareware distribution.

Chip East / REUTERS

The Department of Justice and the FBI have cracked an international scareware ring believed to have scammed over $72m (£45m).

Operation Trident Tribunal seized more than 40 computers and servers and arrested two people in Latvia. 22 computers were seized in the US along with 25 machines in France, Germany, Latvia, Lithunia, the Netherlands, Sweden and the UK.

The gang screwed money out of more than a million victims. They installed software on their computers which falsely claimed to have detected viruses or malware. The gang then took payment for supposedly cleaning up the machines.

About 960,000 machines were infected with the scareware and $72m ($45m) extracted from worried users.

The two highly distributed and most malicious scareware programs since 2009 are Security Tool and System Tool. I am not sure if this group is responsible for the distribution of these programs.

Source: The Register

I recently clicked on a shared link on one of the popular social networks and before I could put the brakes on, it was nasty! I am not a fan of Lady Gaga and the link didn’t indicate who the music was by, but it did have this little bait message.

“You got to listen to this, it rocks!”

The message had me believe it was a rock song, but it was more than that, it was a Lady Gaga song with a hidden Trojan that launched a nasty rogue antivirus. I immediately contacted my friend to tell him about the download. He couldn’t stop apologizing and he told me his machine was infected to, but he didn’t know it until after he sent the link out.

I was able to remove the Trojan by using these instructions here. I asked my friend where he got the link from, and he replied – it was a link in an email. Oh boy!

I am not sure how many people have received this email or clicked on the link with the message “You got to listen to this, it rocks!” If you receive an email or someone shares a link like this, I’d delete it immediately.

I am now Gaga that the parasite is now removed from my computer.

When will people learn not to click on links in an email from people they don’t know?

Since October 2009, there have been many variations of Security Tool, also known by security experts as Security Tool Virus. This Trojan has exploited more than a million computers, but no one knows for sure what the exact number is for total computers infected.

Everyday a new bogus antivirus and or security application is released. These programs are clones from others like it with different branding and skins (look and feel).

These fake antivirus and security programs are money making machines. They fool users into purchasing the software in order to remove the fake threats on the user’s computer.

How does a computer get infected?

There are several ways a computer can get infected by these pesky fake security programs. The Trojan can be installed by other malware through email attachments and links, drive-by downloads, downloading free software and clicking on links shared from social networks.

Here are other ways you can be infected;

• Advertisements that go to malicious websites
• Fake torrent files or downloading files on file sharing networks
• Porn sites and Pirated software
• Search Engine Optimization poisoning
• Web pages containing exploits

If you ever see a notification in your system tray (below image), you probably are infected with this nasty Security Tool Virus.

How to Remove System Tool or Security Tool

1. Download MalwareBytes to your desktop and rename it to Explorer.exe as Security Tool blocks the program named MalwareBytes. If you can’t download files, try using another machine that’s not infected and saving the files to a flash drive or other storage device.
2. Reboot your PC and hit F8 to run your computer in Safe Mode with Networking.
3. Run RKILL to stop all background processes related to Security Tool.
4. Launch MalwareBytes and run a (Full Scan) to remove infections.
5. Delete the file called “Hosts” in C:\Windows\System32\Drivers\etc\HOSTS and add the default Hosts file (below) for your operating system in C:\Windows\System32\Drivers\etc\

a.      Windows XP HOSTS File Download Link
b.      Windows 7 HOSTS File Download Link

1. Reboot your computer.

Your computer should be clean and working normal again.

For more detailed instructions, visit http://www.bleepingcomputer.com/virus-removal/remove-security-tool

Windows Security 2011 is classified as a rogue antivirus program that falsely alerts and reports security threats on a user’s computer. These rogue and or fake security programs are distributed for the purpose of stealing your money by scamming users into purchasing a license copy in order to remove the fake threats.

Windows Security 2011 will block certain programs from running to prevent the Malware from being removed before the user forks over money. It’s common that these programs will block users from browsing certain web sites that offer legitimate virus removal. The program will also install spyware and KeyLoggers which can be used to record sensitive data such as banking information.

The most annoying issue is all the fake pop-up notifications in the system tray notifying you that your computer is infected. Every time Windows starts this fake security program runs and will start reporting fake threats.

How to Remove Windows Security 2011

1. Reboot your PC and hit F8 to run your computer in Safe Mode with Networking.
2. Download MalwareBytes to your desktop and rename it to Explorer.exe as Windows Security 2011 blocks the program named MalwareBytes. If you can’t download files, try using another machine that’s not infected and saving the files to a flash drive or other storage device.
3. Download and Run RKILL to stop all background processes related to Windows Security 2011.
4. Launch MalwareBytes and run a (Full Scan) to remove infections.
5. Delete the file called “Hosts” in C:\Windows\System32\Drivers\etc\HOSTS and add the default Hosts file (below) for your operating system in C:\Windows\System32\Drivers\etc\

a.      Windows XP HOSTS File Download Link
b.      Windows 7 HOSTS File Download Link

1. Reboot your computer.

Your computer should be clean and working normal again.

Windows Security 2011 is in the same family as Security Tool and System Tool.

Related Computer Security Articles
StumbleUpon Shares Serving Up Trojans
Facebook Trojan Spreads Rapidly
Fake Antivirus Outpaces Real Antivirus

The words naked or sex are very enticing words that usually boil the testosterone in us males. Today, I received an email with a promise to show me a naked picture with a little extra. Don’t worry, I never open unsolicited email or download attachments unless it’s on my test computer which I use solely for discovering infections and learning how to remove them.

It looks like Graham Cluley over at Sophos beat me to the punch, but hey it’s a free world.

There are two versions of this email that come with the attachment of the so-called naked picture.

Version 1:

Hey! It was nice chatting with you the other day and wanted to share something with you. You will have to open the attachment to see the surprise.

Version 2:

I love wild sex and looking for a discreet partner.
I have my picture attached to this email. Take a look at it and get back if you like what you see.

If you are one of the many Neanderthal’s that roam the earth, and you opened the attachment, you now have infected your computer with a Trojan that installs a fake antivirus program.

The Trojan installs a rogue anti-virus program without the user’s knowledge or consent. Once installed, the user will be alerted with false threats on the computer. In order to remove these false threats, the user will have to pay for a full license of the software.

It’s important to never download any attachments especially those with file extensions like .exe and .zip. If you downloaded the naked picture attachment, you can remove this parasite by running both Malwarebytes and SUPERAntiSpyware. Both of these security programs come with free versions.

Related Articles
StumbleUpon Shares Serving Up Trojans
Facebook Trojan Spreads Rapidly
How to Remove SystemTool 2011
How to Remove Security Tool Virus

Over the weekend, I noticed that some pages being shared on the social network StumbleUpon have malicious code. The sites distribute a Trojan which installs a rogue anti-virus program without the user’s knowledge or consent. Once installed, the user will be alerted with false threats on the computer. In order to remove these false threats, the user will have to pay for a full license of the software. The rogue antivirus program is called MS Tool Removal which is in the same family as Security Tool Virus and System Tool.

Unfortunately, there’s no way to detect if a page is harmful from the StumbleUpon tool bar until you arrive at the site. If you have the WOT (Web of Trust) Firefox or IE add-on installed (Recommended before sharing pages), you will get a prompt that the site is rated as dangerous. This is not 100% full proof as some sites may have never been rated, therefore a user is exposed to the Trojan via Drive-by.

What’s a Drive-by? It is when a download of spyware, viruses or malware are installed on a person’s computer without a person’s knowledge.

How to remove MS Removal Tool

To remove MS Removal Tool, follow the instructions below which are the same steps in removing both Security Tool and System Tool.

1. Download MalwareBytes to your desktop and rename it to Explorer.exe as MS Removal Tool blocks the program named MalwareBytes. If you can’t download files, try using another machine that’s not infected and saving the files to a flash drive or other storage device.
2. Reboot your PC and hit F8 to run your computer in Safe Mode with Networking.
3. Run RKILL to stop all background processes related to MS Removal Tool.
4. Launch MalwareBytes and run a (Full Scan) to remove infections.
5. Delete the file called “Hosts” in C:\Windows\System32\Drivers\etc\HOSTS and add the default Hosts file (below) for your operating system in C:\Windows\System32\Drivers\etc\

a.      Windows XP HOSTS File Download Link
b.      Windows 7 HOSTS File Download Link

1. Reboot your computer.

Your computer should be clean and working normal again.

For more detailed instructions, visit http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

Related Articles
Rogueware and Fake Antivirus will Dominate in 2011
How to Remove SystemTool 2011
How to Remove Security Tool Virus

This is becoming a big problem and it’s time that Facebook step up and moderate what Apps are shared on their network. Facebook and its 600 million plus users is the perfect playground for cyber criminals to spread their malicious viruses, Trojans and Malware. The problem is users are receiving shares from friends who are unaware that the app (application) there sharing contains malicious data.

The latest app comes in the form of a “Free Gift” or “Surprise” and this app drops a Trojan on the user’s machine that launches a very nasty virus called “System Tool 2011.” If you are one of the unlucky people that got this bad boy, you are in for a lot of grief trying to remove it from your computer, but no worries, I have you covered.

It’s important that even when your friends share apps with you, don’t assume they know it’s safe. Don’t be the guinea pig, let other users allow the app and if enough time passes with no negative feedback, than I would try it out, but be careful!

How to Remove System Tool 2011

SystemTool is a rogue anti-spyware program that’s distributed via a Trojan and/or web pop-ups. The program is installed without the user’s knowledge. To remove this parasite, please follow the link below.

http://www.techjaws.com/how-to-remove-systemtool-2011/

Related Articles
Security Tool Downloads Via Fake Firefox Block Page
Security Tool Virus Spreads Via Fake Adobe Update
Security Tool Installs as a Firefox and Flash Update
Security Tool Virus Update and Removal
How to Remove Security Tool Virus

I have published more articles about Fake Antivirus than any other topic. It’s apparent why cyber criminals peddle their rogue antivirus programs, it’s because they’re making more revenue than legitimate antivirus vendors.

There are an estimated 500,000 unique fake AV binaries on the Internet today according to what was noted at RSA this year. What’s most disturbing is that the legitimate AV vendors cannot provide new virus definitions fast enough to combat these fake AV’s. One way of putting a dent into this problem is having the search engines stop indexing these web sites that are distributing rogueware.

In addition to search engines helping out, AV vendors need to be more responsive in detecting new binaries in the wild. How is it that sites like Bleeping Computer, WOT and TechJaws discover sites peddling rogueware before the legitimate AV vendors? In addition to finding these bad sites, we also provide removal instructions.

Antivirus vendors need to step it up a notch in order to outpace these cyber criminals or maybe it’s the fake antivirus programs that drive sales for legitimate security vendors. I hope it’s not the latter or we will not see the demise or decrease in fake AV programs.

Cyber criminals need to be stopped and quarantined in a 4×8 jail cell.

Related Articles
Rogueware and Fake Antivirus will Dominate in 2011
How to Remove SystemTool 2011
Google needs to clean up Paid Advertisers
Searching Virus Removal Can Lead to Bigger Problems

What’s a Drive-by? It is when a download of spyware, viruses or malware are installed on a person’s computer without a person’s knowledge. In less than a week, a couple of my friends said that their kid’s computers have been infected with a virus after they clicked on links within MySpace pages. I discovered that the links lead to malicious web sites serving up rogue antivirus programs.

The latest rogue antivirus that was discovered on one of the kid’s computers was the nasty “System Tool 2011.” System Tool or SystemTool is a rogue anti-spyware program that’s distributed via a Trojan and/or web pop-ups. The program is installed without the user’s knowledge. Once installed, the user will be alerted with false threats on the computer. In order to remove these false threats, the user will have to pay for a full license of the software.

Parents should educate their kids about online safety and why they shouldn’t click on links to web sites they’re not familiar with, regardless if the link was shared by a friend.

If you are infected by the Security Tool or System Tool, I have included 6 steps on how to remove this Rogue Security Program.

The biggest problem is the use of shortened URL services in which scammers mask the real web address by using a shortened URL. These scammers are in the business of peddling rogue software in order to make money from their victims. To reveal a shortened URL (Web Address), visit TheRealURL.

It’s important that you keep your security programs up to date. I highly recommend downloading the WOT (Web of Trust) add-on for IE and/or Firefox. The WOT add-on warns you about risky sites before you click.

Keep in mind that Drive-by infections are also very popular on Facebook and Twitter.

Be careful!

Related Articles
Security Tool Downloads Via Fake Firefox Block Page
Security Tool Virus Spreads Via Fake Adobe Update
Security Tool Installs as a Firefox and Flash Update
Security Tool Virus Update and Removal

2010 is now on the history channel, but for some, it led to cash windfalls. Hackers and cybercriminals will continue their onslaught of attacks on social networks, rogue software peddling and fraudulent web sites.

The most popular infection method of 2010 was Trojans, making up 55.91% of all infections according to Panda Labs.

Rogueware and or fake antivirus software will continue to dominate in 2011. The biggest problem is education and not with the legitimate security software people have installed on their systems. People fall too easy for this popular online scam. Once a person sees a fake scan or pop-ups in the system tray advising of a threat, they immediately panic.

The reason why your current security program does not catch, quarantine or remove these threats is because the threats are new or your security software may not be up to date.

Take the necessary steps to avoid these threats by updating your security software. Try to avoid visiting web sites you never heard of or links that are shared with you on a social network or in an email. It is very easy to visit an unknown web site and get an infection without knowing you got one.

To be sure you don’t fall victim, download the WOT add-on which shows you which websites you can trust for safe surfing, shopping and searching on the web.

Spam is still one of the most dominate forms of spreading infections and scams. You can expect it to be the top threat in 2011. There’s no end in site and by what I read from some security researches, they also expect it to exceed 2010 totals.

Cybercrime is big business and now with Facebook as the leading playground for these crooks, expect some big and nasty things to come in 2011. If you think you can’t be scammed or infected, think again, it happens to the most savvy computer people, even yours truly.

Related Articles
Why Email Spam is Big Business
How to Remove SystemTool 2011
Cyber Criminals Armed and Dangerous for 2011
10 Ways to Prevent being Scammed