Post by **Auria (etc)** on Jun 25, 2010 16:25:32 GMT -5
I know this is like totally (did I really just say "like totally"??) off topic, but I thought I recalled that some of you have DeviantArt accounts. I know that we'd have appreciated knowing about this ahead of time ... thought I'd warn you.
DeviantArt is of course ad-driven. However, it seems that they do not screen their advertisers. Last night my son and I spent about four hours getting a trojan, in the guise of a fake antivirus program, off his system. It was (no doubt about it, he watched it happen, helpless to stop it) picked up through an ad on the DeviantArt site.
While researching how to get rid of this mess for him, I discovered that people have been reporting these infected false antivirus ads and trojan infections since *late 2008*. DeviantArt knows all about it and has apparently done nothing to stop it. They continue to accept these "advertisers'" money, knowing full well that they are trojan horses connected to credit card fraud schemes (the fake pop-ups warn you that you're infected and persist, taking over your browser, rerouting it through a proxy, so that the only site any browser on the system will load is theirs ... where they tell you that you have to pay them to clean the virus off your system).
My son's computer is protected by a well-respected antivirus system, which did not detect the trojan, not even when he rebooted to safe mode and did a full system scan. It was on that program's help forums that we were instructed to download and run another malware program (MalwareBytes), which did find the scattered virus files and cleaned the system.
In order to get that far, he had to load his task manager immediately upon boot up and kill the process that was taking over the system. We were told to look for a random string of letters, killed that process, and it worked.
The trojan emulated a legitimate protection program's icon, in this case Windows Security Center. I'm sure this has fooled enough people into clicking the links to "clean their system" ... the fact that DeviantArt is a paid conspirator doesn't help.
According to the research I found, a number of people had the same problem hit them through GaiaOnline.
I've deleted my own DeviantArt account today, and let them know why in no uncertain terms. Most people who reported this issue to dA have said that they never received a response. I also saw one person say that s/he was told to "upgrade to a premium account to remove the ads".
Extortion, 21st Century Style.
Just thought I'd pass along the warning.
Oh, an afterthought. This trojan is *java* driven, and not Windows specific. I found reports of Linux/Ubuntu users being hit. If Ubuntu is vulnerable, it's probable that Macs are as well. I'll have to do some more searching to see if anyone with a Mac reports an attack. It makes sense that any computer that runs java would be open to this thing.