Xpantivirus attacks
Posted by John McHale
I got hit yesterday with a virus my IT guy hadn't seen before. Called the Xpantivirus, it fools you into thinking it's an antivirus software application that caught some spyware on your system and wants you to download the solution.
It had me till the download part. I thought that looks weird, called my IT guy and he said I dodged a bullet by not downloading. If I had it would've opened up a path for all sorts of malware, porn, and other crap to get into my computer.
So this is a little friendly warning in case any of you come across it. I got hit with it while surfing the web looking for information for a story.
My IT department provided the definition of the threat below.
Description: Xpantivirus is a rogue security tool, a program that claims to detect and remove or disable spyware, viruses, or other Internet threats. However, its capabilities are limited, and the tool may actually function as spyware or adware. This rogue anti-spyware tool often tricks users into purchasing. Trojan horse programs may force installs of Xpantivirus or make the application difficult to remove. It can be distributed through exploits particularly, the Vcodec vendor, which tricks user with Windows Media player codecs and forces an install.
Vendor: Xpantivirus.com
Threat level: medium risk
Xpantivirus characteristics: displays ads; hijacks internet browser; downloads unsolicited files; exploits a security flaw; distributes threats; installs without user consent; and makes fraudulent claims about spyware detection and removal.
Keep your eyes open.
I got hit yesterday with a virus my IT guy hadn't seen before. Called the Xpantivirus, it fools you into thinking it's an antivirus software application that caught some spyware on your system and wants you to download the solution.
It had me till the download part. I thought that looks weird, called my IT guy and he said I dodged a bullet by not downloading. If I had it would've opened up a path for all sorts of malware, porn, and other crap to get into my computer.
So this is a little friendly warning in case any of you come across it. I got hit with it while surfing the web looking for information for a story.
My IT department provided the definition of the threat below.
Description: Xpantivirus is a rogue security tool, a program that claims to detect and remove or disable spyware, viruses, or other Internet threats. However, its capabilities are limited, and the tool may actually function as spyware or adware. This rogue anti-spyware tool often tricks users into purchasing. Trojan horse programs may force installs of Xpantivirus or make the application difficult to remove. It can be distributed through exploits particularly, the Vcodec vendor, which tricks user with Windows Media player codecs and forces an install.
Vendor: Xpantivirus.com
Threat level: medium risk
Xpantivirus characteristics: displays ads; hijacks internet browser; downloads unsolicited files; exploits a security flaw; distributes threats; installs without user consent; and makes fraudulent claims about spyware detection and removal.
Keep your eyes open.
John Keller is editor-in-chief of Military & Aerospace Electronics magazine, which provides extensive coverage and analysis of enabling electronic and optoelectronic technologies in military, space, and commercial aviation applications. A member of the Military & Aerospace Electronics staff since the magazine's founding in 1989, Mr. Keller took over as chief editor in 1995.
