Monday, January 09, 2006

SpywareStrike: Latest Rogue on The Net

Fix referenced below updated Jan. 11 6PM MST

The latest rogue anti-spyware application has hit the Net, and it's called SpywareStrike.

Infected users began to get popups and redirects with their browsers along with an annoying taskbar popup indicating an intrusion... yeah, no kidding!! Redirects were taking users to securitycenterDOTcom. This was one of several malware-installing websites added to a new batch recently found by Sunbelt Software.

At first check, nothing could be found on this new variant of what turned out to be a clone of SpyAxe. Spyware Confidential blogged the details of its ownership: once again, an offshore group cashing in. It was quickly added to the Rogue\Suspect Anti-Spyware List.

By the following morning the forums were beginning to get flooded by users, all having the same symptoms. Frustration, anger and rage were the typical reactions.

But there was another reaction as well. This came from a group of users whose determination equally matches, if not surpasses, the determination of the writers of malware: ASAP members. They quickly sprang into action, using a network of backrooms where experts talk about and search for files, locate Windows registry points and other aspects of malware installations.

In just under 24 hours, with the help of users in security forums, they had found the newest files which were being hidden to prevent the infection from being easily removed. After the new files were dissected and evaluated, a way to find them was developed and instituted into the fix which had already been set up for SpyAxe.

By Saturday morning the fix was a raging success. Users were able to reclaim their machines and carry on with the usual Net activities they enjoy, and they had also gained some basic knowledge in security to help prevent these kinds of intrusions from happening again.

36 hours after SpywareStrike was first uncovered, the fix from SpyAxe was modified and the Net is safe yet again for users throughout the world. You can find Nick's removal instructions here.

That's what I call results.


If you're uncomfortable trying the fix without some guidance, feel free to join my forum and post a HijackThis! logfile for me to analyse.

