youthworks

antivirus 2009 spyware and firewall solution

The spyware "Antivirus 2009" sometimes gets installed on computers in our network. We are running a Symantec antivirus product on every station and are also behind a firewall. Is there something that I can do to block it at the firewall level or on each desktop? I imagine that I can purchase Malwarebytes or something and have it running as a service on each machine, but that's a good-sized investment.

Second, does anyone know exactly how users are getting hit with this spyware?  I imagine something to do with hotmail and yahoo mail or something like that, as a few of the users involved are not techie enough to go to warez sites or places like that.

Thanks.
hodgeyohn

What kind of firewall are you using?
SonicWall has antivirus / antispyware functions built in.
youthworks

ASKER

I am using a SonicWall but do not use their built-in antispyware functions. As an NPO, we get great discounts on enterprise antispyware/antivirus solutions from Symantec. If anyone knew what IP Antivirus 2009 was coming from, or IPs, or something like that, maybe that could help. No one seems to be writing enough about stopping it, only removal of it.
Okay, I've run across some information.

Two sites that I've not plugged into my firewall as sites to block are antivirus-scanner.com and prosecurity-audit.com.  Apparently these are only 2 of the places it may go to try and download A9installer_880293.exe and install it.

I also ran across this information at http://answers.yahoo.com/question/index?qid=20081116130823AAiwrmF.

The reason people get it is they allow '3rd Party Cookies' and 'ActiveX', which in this case displays some type of icon, or pop-up warning, which in reality is a 'Click-jacking' whereby the real action you perform is hidden behind the visible display; so when you tick (click) anything, the malware installs itself.

Unlike typical pop-up advertising (stopped with available blockers) 3rd party cookies are entirely different critters.
Turn off "3rd Party Cookies", and always leave them off.

INTERNET EXPLORER: Tools> Internet Options> Privacy> Advanced: here check 'Override automatic....'; 'Allow session cookies'; 'Allow 1st party cookies'; & 'Block 3rd Party Cookies'.

FIREFOX: Tools> Options> Privacy: here UN-CHECK 'Accept 3rd Party cookies'

OPERA, et al: not sure, check under 'options' for this.

Because of the architecture of the Internet (notably 'Flash' scripting), vulnerabilities are readily exploited in Internet Explorer, & it is now urgent that you use Firefox with current 'NoScript' add-on, which will prevent 'Click-jacking'.
NoScript: https://addons.mozilla.org/en-US/firefox...
Any other sites or thoughts?
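
Added example, not part of the original thread: one way to use web proxy or firewall logs to see which workstations reached the two domains or requested the installer named in the post above, and which referring site sent them there. The log format, the sample lines, and the assumption that the installer's numeric suffix varies are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Domains and installer name taken from the post above.
BLOCKED_DOMAINS = ("antivirus-scanner.com", "prosecurity-audit.com")
# Assumption: the numeric suffix varies between downloads.
INSTALLER_RE = re.compile(r"A9installer_\d+\.exe$", re.IGNORECASE)

# Constructed sample lines in an assumed format:
# timestamp client_ip method url referer ("-" when absent)
SAMPLE_LOG = """\
2008-11-20T09:14:02 10.0.0.21 GET http://mail.example.org/inbox -
2008-11-20T09:14:40 10.0.0.21 GET http://scan.antivirus-scanner.com/alert.html http://ads.example.net/banner
2008-11-20T09:14:55 10.0.0.21 GET http://cdn.example.com/files/A9installer_880293.exe http://scan.antivirus-scanner.com/alert.html
2008-11-20T10:02:11 10.0.0.34 GET http://notantivirus-scanner.com/ -
2008-11-20T10:05:30 10.0.0.35 GET http://PROSECURITY-AUDIT.COM/check http://search.example.org/results
malformed line
"""

def classify(url):
    """Return why a URL is suspicious, or None if it is not."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for domain in BLOCKED_DOMAINS:
        # Match the domain itself or any subdomain, not mere suffix overlap.
        if host == domain or host.endswith("." + domain):
            return "domain:" + domain
    if INSTALLER_RE.search(parts.path):
        return "installer"
    return None

def find_hits(log_text):
    """Map each client IP to a list of (timestamp, reason, referring host)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        ts, client, _method, url, referer = fields
        reason = classify(url)
        if reason:
            ref_host = urlsplit(referer).hostname if referer != "-" else None
            hits[client].append((ts, reason, ref_host))
    return dict(hits)

if __name__ == "__main__":
    for client, events in sorted(find_hits(SAMPLE_LOG).items()):
        for ts, reason, ref in events:
            print(client, ts, reason, "via", ref or "(no referer)")
```

The referring host on each hit is the lead for the "how are users getting hit" question, and the client list shows which machines to check first.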
ASKER CERTIFIED SOLUTION
youthworks

This solution is only available to members.
I have battled this problem for a few months, and the root of the problem exists because this malware exploits the logged-on user's rights. If the user is local admin, the PC is vulnerable to infection.