Linked by David Adams on Fri 25th Sep 2009 16:17 UTC
Bugs & Viruses A non-OSNews-reader asks: "I've got 5 PCs that I'm trying to use to train disadvantaged young people. The problem is they are riddled with viruses and a firewall blocks me from updating them. The people in charge of maintaining the PCs won't fix them or give me the admin password (Win XP) to let me install a new or updated antivirus. The centre is being shut down in a few months. If they were working, I could still do a lot with them, so I've been looking for a good online virus scan - but they all try to download a little .exe onto your PC first, and the settings on the PCs won't allow that. Suggestions? Solutions? Links?" Read on for our recommendation. Update: It appears that this question is part of an elaborate email scam designed to propagate malware. See here for details.
Thread beginning with comment 386379
The original email was spam
by kbloodstone on Sat 26th Sep 2009 05:07 UTC
kbloodstone Member since:
2009-06-03

I received the exact same email through a mailing list I subscribe to. This list is fairly small, and the sender was a new member.

Several people replied with suggestions.

Suddenly, out of the blue, another new member popped up, and suggested some unknown online scanner.
Since I run Linux, I checked it out without worries.
That "online scanner" showed right away an animation of a scan running on my machine, within seconds, and showed me several infections in my C:, D:, and Windows system folder.
Since I run Linux, that's just absolutely impossible, of course.

Then it suggested I download a file "OnlineScan345346.exe", and very helpfully proceeded to open the download request for me.

It's a trojan, and a very new and nasty one at that. I have already downloaded 2 variants of it from the same place on 2 different computers. I have submitted them to Avira (which is what I use on Windows), and hopefully it will become better known soon.

That said, advice on cleaning viruses is always welcome, so the discussions on this article are useful for a lot of people anyway. So no harm done, unless you clicked on the second fake mailing list member's advice.

My advice for this is to use the Avira Rescue CD:
http://www.free-av.com/en/products/12/avira_antivir_rescue_system.h...
F-Secure also makes a really good rescue CD:
http://www.f-secure.com/linux-weblog/

Score: 2

Bobthearch Member since:
2006-01-27

Yep. Spam. And OS News fell for it.

Google for the first few sentences of the message in quotes. You'll see this has been posted word-for-word dozens of times on online forums.

"I've got 5 PCs that I'm trying to use to train disadvantaged young people. The problem is they are riddled with viruses and a firewall blocks me from updating them. The people in charge of maintaining the PCs won't fix them or give me the admin password (Win XP) to let me install a new or updated antivirus."

Score: 2

RE: The original email was spam
by David on Mon 28th Sep 2009 17:44 in reply to "The original email was spam"
David Member since:
1997-10-01

It actually kind of makes my day to find out that I fell for an elaborate spam scheme. I still think that this made a pretty good Ask OSNews topic, though, because I can't tell you how many people I know have computers that barely work because of malware, and operating systems are such a mystery to them that they don't feel empowered to do anything about it. I thought that the advice that the readers gave was knowledgeable, creative, and helpful.

The reason I'm so happy to have been taken in by this scam is that it's been a very long time since I've seen an email-based scam that wasn't totally transparent to me. Posting an earnest-sounding query to an online forum intending to go back and suggest a malware-infected download to trick other people is really a quite brilliant idea. I guess it just goes to show you, just because someone on the internet says to do something, that doesn't mean it's a good idea.

Score: 1