A new adware variant urges users to buy the software to disi

05/05/2005. PandaLabs reports the appearance of a new variant of the adware application Adware/Topspyware, a malicious program designed to urge users to visit a security software website where they can get a solution to disinfect this malware, after paying a certain fee.

This adware cannot spread on its own, but is one of the various programs installed on computers when users visit web pages infected by other types of malware, such as Cool Web Search (CWS), usually Adware/CWS.YEXE or Adware/CWS.Searchmeup.

Once it has been installed, it is easy for users to realize they have been infected, as this malicious code has very clear symptoms. On the one hand, it displays an icon in the system tray, which constantly switches between a question mark and the Windows Update icon. A fake virus alert is also displayed along with this icon. What’s more, it changes the color of the Windows desktop to bright red and includes a warning that the PC is infected. In order to carry out these actions, this malware modifies the Registry key for the system tray icon and creates a key to change the desktop, as well as activating Active Desktop.

Both the icon and the desktop are links that, when accessed, take the user to a web page that offers several programs for disinfecting this variant, for a fee. “If these programs are in fact commercial programs, users will have been fraudulently taken to this website, coerced into looking for a solution to the infection, when simply updating their antivirus protection will resolve the problem, for free,” explains Luis Corrons, director of PandaLabs.

To prevent Adware/Topspyware or any other malicious code from getting into computers, Panda Software advises all users to keep their antivirus software updated. Panda Software has already made the corresponding updates to detect and eliminate this new malicious code available to clients.

Panda Software’s clients can already access the updates for installing the new TruPrevent™ Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent™ Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection.

In order to help as many users as possible scan and disinfect their computers, Panda Software offers Panda ActiveScan, free of charge, ActiveScan is also available to webmasters that want to include it on their websites. Those who would like to include it on their sites can obtain the free HTML code.

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software´s website and complete the corresponding form.

For further information about these and other malicious code, visit Panda Software’s Virus Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/

About PandaLabs

On receiving a possibly infected file, Panda Software´s technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/.

Oxygen3 24h-365d, by Panda Software
© Panda Software 2003

2005-05-06 12:04

Back

IT News: