Jump to content
Sign in to follow this  
greenknight

Spybot Update Hacked?

Recommended Posts

A little while ago I installed a Spybot S & D update, and after I clicked "Immunize" a warning popped up from MSAS. It said that the site syserrors.com was asking to be added to the IE Trusted Sites zone.

Of course, I blocked it. Then I searched to find out what that is, finding a number of posts on security forums from others who'd had the same experience. I also had a look at syserrors.com itself. The site tries to look like an official MS site, it has the Windows Security Center shield and the words "Security Center" at the top of the page.

It has a very elaborate and detailed "Spyware Alert" (it lists your OS, browser ID and IP address, and an IP adress of a supposed remote computer that's controlling your computer), and tries to get you to install an "official anti spyware program" (Spy Axe, Spy Trooper, World Antispy or Raze Spyware).

I haven't yet checked out the threat level of those programs, but I have no doubt they all contain hijackers. I did find a thread on one forum where somebody was seeking help because Spy Axe had hijacked their machine and kept redirecting them to syserrors.com. It seems it's pretty hard to remove.

I've never heard of a malware attack quite like this one before, is this a first?

Share this post


Link to post
Share on other sites

I wasn't worried, it looks like the whole point was to trick unsophisticated users into downloading their spyware.

I don't add anything to IE's Trusted Sites list, and I rarely use IE anyway, I use Firefox. I was a little shocked that they managed to insert their poison pill in Spybot's update, but I suppose I shouldn't have been.

Share this post


Link to post
Share on other sites

Googled

lol.

Security Center

Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC ...

www.syserrors.com/

I had no problems with MSAS Real Time Agent and Spybot's defs/immunization database.

Share this post


Link to post
Share on other sites

Googled

lol.

Security Center

Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC ...

www.syserrors.com/

I had no problems with MSAS Real Time Agent and Spybot's defs/immunization database.

I'd find it funny, too, except I know that some poor, ignorant saps are being tricked into downloading crap from that site.

<edit> I checked out those programs on Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites: http://www.spywarewarrior.com/rogue_anti-s...re.htm#products

To my surprise, only 3 out of the 4 were associated with hijacks. Spy Trooper is actually the same app as SpySheriff, which is just a crappy prog that uses aggressive and deceptive advertising, and has some reported stealth-installs.

syserrors.com wasn't on their list, but their forum has some posts that mention them; the majority were people posting HijackThis logs, because they had a hijacker that kept redirecting them to that site.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×