Getting to the source or the problem



#1
sniperx

I recently was infected with one of the recent nasty hijackers from winfixer.

What surprised me is this hijacker comes right from the winfixer’s own website.
http://members.mscwa...nfixervirus.jpg

Ever wonder where all these winantivirus, winfixer malware problems originate from? After all, you get this without any consent whatsoever, and you now can’t easily get rid of it; it slows down your system, redirects you, etc. One would think you were talking about an underground elite virus writer on the run—but I found this all stems from a “legit” company that does this with impunity.

Look around and you’ll see this is a nasty one everyone is getting. I found out Winfixer is just one of the software products sold by the company “winsoftware”. Winfixer’s site itself installs blatant malware with the purpose of slowing down your system and trying to get you to buy the “winfixer” antispam/popup program.

I was surprised to find the company acts with impunity, using every non-legit tactic (and illegal in some countries), including phishing, squatting, and what I call HijackerViruses that they give you right off their own site.

I research the company that makes winfixer, “winsoftware”, and find they are listed as being in Liverpool, UK.
http://www.downloadj...any/store/8661/

Upon researching this, the company doesn’t exist and never has in Liverpool. I do international directory assistance and company profile searches for them; they don’t exist.

Read through and find their claims very suspicious, to say the least. I reverse lookup their domain and find it registered in Kiev, Ukraine (not a good sign).
http://www.dnsstuff......ntivirus.com/


So at this point we have a company that uses every deceit and even installs outright hijacking malware. As I begin searching, I find post after post on various sites of horror stories from this company and other hijackers that try to get you to buy their other software like “winantivirus”

http://www.dslreport...oot=scambusters and
http://www.tek-tips.....cfm?qid=744567 all showing problems.

What’s amazing is how complex this organization is. They infect countless machines with malware with absolute impunity while being anonymous. It’s a very disturbing trend that simply operating offshore gives a company impunity to do anything it wants and things that by common sense would be (or are) illegal. I think we used to call that organized crime; now it’s just business as usual on the net. I hope someday we will be able to go after the source rather than clean up their attacks.

sniperx

#2
cleverboy12

Very interesting research done with great computer skills.

I would like to see what everyone else here on Geekstogo thinks about this!

#3
fleamailman

Really good research.
If you can prove the trail, Interpol would be interested. Better now to go silent about this topic and contact them; also, you do not want to bring attention to yourself, and I advise anyone who wishes to take up this matter to do the same. You can imagine what you might be up against here.

#4
Metallica

I'm afraid you'll get the usual reply: it was a bad apple among our affiliates.

I can't even begin to imagine why a company would consider it good to be associated with the malwares that are pushing them.
But they'll probably be back next month with their next "product" and this one is discarded.

The circle of (pushware)-life.

#5
admin

I'm afraid this is an all too common occurrence. Do a little research on Cool Web Search. It's not just Ukrainians; some very large Silicon Valley venture capital firms in the US have invested heavily in companies that author and distribute spyware. The money involved can be staggering. Capitalism at its worst, I'm afraid.

#6
sniperx

My point: where does it all end? If we are only reactive to this, we are always behind the curve. A year ago I was amazed when receiving a hijacker through an infected site. This year a business site themselves infect you! They, "winsoftware" for instance, have an alliance program that pays webmasters to direct you to their site and have their hijacker installed.

I can't emphasize enough that these Hijackers are always one step ahead of legit AV and anti-adware groups. And this breed of hijackers seems to be becoming more and more harmful. While the hijacker is not classified technically as a virus, they can be as damaging as, or much more damaging than, the majority of viruses. The difference is Hijackers are legal outside the US.

Check this link out: http://www.spywarewa...nti-spyware.htm

There are over 200 rogue anti-spyware and less than half a dozen legit ones. Winsoftware seems to be the most emboldened and pushing the envelope with its marketing tactics and recent Hijacker, but where does it end? When you have 100s of these outfits all having thousands of links that will install a Hijacker on your system, making the internet an utter minefield? You laugh or shake your head, but with almost total impunity and the money incentive, I'd argue that’s where this will take us.

This latest winfixer Hijacker wasn't stopped by the most recent IE patches, antivirus defs, adaware, spybot, just like the next cycle won't be, and on and on. And when you have 100s of guys in the Ukraine or wherever with nothing to lose and lots of hacking skills, where will that lead us to? Not to be doom/n/gloom, but concerned.

It’s great having helpful people like the Geeks/go anti-malware staff, but how many computer users are going to know to sift through hijackthis log files or can stand through a series of 20-step do-this-do-that deep system modifications?

My point is not to be doom/n/gloom, but I've gotten a wake-up: this eventually isn't going to be fought/won in geeks to go spots. The battle is already lost if that's our only avenue.

That said, thank god we do have help like this. Fortunate we are to at least know to find this.
At this rate, eventually the net will be crippled to the point only the most elite/knowledgeable will be able to use it; in essence, coming full circle.

Edited by sniperx, 13 September 2005 - 01:28 PM.


#7
sniperx

The FTC goes after these companies (but only domestic, I believe).

Here is one example:

http://www.ftc.gov/o...comp0423142.pdf

You can issue a complaint at:

https://rn.ftc.gov/pls/dod/wsolcq$.sta...Z_ORG_CODE=PU01

#8
sniperx

High Tech Organized Crime..

Extortion...


When you begin digging on the current trends (winsoftware for example)

Seeing the case described, and knowing how the winfixer (winsoftware) company does business: they load up a hijacker malware off their own site, which pops up tons of false positives about how screwed up your system is, and then their trojan downloader slows down your machine when browsing, with the constant "your system is seriously infected, we recommend winfixer to fix this".

People by now recognize the two are linked: that their machine is suddenly acting very slow with popups and a hijacked browser and the message to get winfixer to remedy it. Realize we are no longer talking about malware/advertisement. Winsoftware and such companies, by making extremely difficult to remove malware/hijackers with the popups to buy their product to remove them, have now crossed the line into outright extortion. This is and will become more and more the trend, I predict.

There are known cases now of hackers using Denial of Service attacks that can't be defeated (drones that send legitimate traffic) and sending an extortion letter to the company they are attacking: pay us a ransom and this will go away.

That's basically all this winfixer is: an extortion.