
Spybot Update Hacked?


greenknight


A little while ago I installed a Spybot S & D update, and after I clicked "Immunize" a warning popped up from MSAS. It said that the site syserrors.com was asking to be added to the IE Trusted Sites zone.

Of course, I blocked it. Then I searched to find out what that is, finding a number of posts on security forums from others who'd had the same experience. I also had a look at syserrors.com itself. The site tries to look like an official MS site, it has the Windows Security Center shield and the words "Security Center" at the top of the page.

It has a very elaborate and detailed "Spyware Alert" (it lists your OS, browser ID and IP address, and an IP address of a supposed remote computer that's controlling your computer), and tries to get you to install an "official anti spyware program" (Spy Axe, Spy Trooper, World Antispy or Raze Spyware).

I haven't yet checked out the threat level of those programs, but I have no doubt they all contain hijackers. I did find a thread on one forum where somebody was seeking help because Spy Axe had hijacked their machine and kept redirecting them to syserrors.com. It seems it's pretty hard to remove.

I've never heard of a malware attack quite like this one before, is this a first?


I wasn't worried, it looks like the whole point was to trick unsophisticated users into downloading their spyware.

I don't add anything to IE's Trusted Sites list, and I rarely use IE anyway, I use Firefox. I was a little shocked that they managed to insert their poison pill in Spybot's update, but I suppose I shouldn't have been.


  • Administrator

Googled

lol.

Security Center

Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC ...

www.syserrors.com/

I had no problems with MSAS Real Time Agent and Spybot's defs/immunization database.


Googled

lol.

Security Center

Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC ...

www.syserrors.com/

I had no problems with MSAS Real Time Agent and Spybot's defs/immunization database.

I'd find it funny, too, except I know that some poor, ignorant saps are being tricked into downloading crap from that site.

<edit> I checked out those programs on Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites: http://www.spywarewarrior.com/rogue_anti-s...re.htm#products

To my surprise, only 3 out of the 4 were associated with hijacks. Spy Trooper is actually the same app as SpySheriff, which is just a crappy prog that uses aggressive and deceptive advertising, and has some reported stealth-installs.

syserrors.com wasn't on their list, but their forum has some posts that mention them; the majority were people posting HijackThis logs, because they had a hijacker that kept redirecting them to that site.
