This isn’t a new piece of malware, but the method by which it is spreading is new. This one is showing up in banner advertisements on many popular web pages, including Capitol Hill Blue. I just fired off this letter to the FTC via their complaint tool:
Malware: Vista Anti-virus 2008
I am a computer professional. This is the most aggressive malware problem on the internet at this time. It is spread via a banner advertisement that does not even need to be clicked on for it to download itself and take over your Windows-based PC.
The program spreads via Adobe Flash as a banner advertisement. One need only be unlucky enough to have the banner ad appear on regularly safe pages to be infected with it.
Once it downloads, it installs itself and then proceeds to lock you out of your desktop configuration. It then installs a tray application that constantly pesters you claiming there are 10,448 or some high odd number of viruses or spyware found on your computer. It claims if you pay them for the full version it can clean your computer for you.
That is the catch. Your machine isn’t really infected with anything except the Vista Anti-virus 2008 malware. It doesn’t really detect or clean anything. It is a fraud and a scam to make you part with $40.
URLs in use by the accused include:
Vav-2008.com 220.127.116.11 (reverse trace of this IP leads to kivvisoftware.com, hosted in the Ukraine).
Most of the above appear to lead to Russian-hosted IPs.
If you Google “vista antivirus 2008” you will find a large number of people are having trouble with this malware since July 2008. It’s easily one of the most prolific I’ve run across in a long time.
You can watch an infection occur and see what it does at http://www.youtube.com/watch?v=TH4CHZtn5sc. Please note you no longer have to even click on a button to download and install this malware like the movie shows. It is being spread via banner advertisements on popular sites like myspace.com and others. I fear it may have made it into Google’s advertisement rotation, which is very broad.
Please look into this, as people are getting fleeced. And beware if you visit any of the URLs listed if you are using a Microsoft operating system.
I nearly got this one myself right here while browsing CHB. I closed the browser as the program was downloading. My wife just ran into it on myspace.com, but because I switched her to Apple back in 2001 she was not affected.
I’ve seen this on machines running Norton, PC-Cillin, and other popular mainstream security products. Since it comes in via Flash it doesn’t matter what browser is used.
Windows users may want to turn off Adobe Flash plug-ins for the time being, or keep a quick fixer like the one in the video handy.
Doug, I think they are in the burstnet.com rotation, if you would please relay that back to them.