These two messages appeared on the Spatialite mailing list today:

From: stefanobartol87453@gmail.com
Subject: Where can I find an online anti-virus that doesn’t install on your PC?
I’ve got 5 PCs that I’m trying to use to train disadvantaged young people. The problem is they are riddled with viruses and a firewall blocks me from updating them. The people in charge of maintaining the PCs won’t fix them or give me the admin password (Win XP) to let me install a new or updated antivirus the centre is being shut down in a few months.
If they were working, I could still do a lot with them, so I’ve been looking for a good online virus scan – but they all try to download a little .exe onto your PC first, and the settings on the PCs won’t allow that.
Suggestions? Solutions? Links?

The alleged reply:

From: schinicamiyake54418@gmail.com
To: Where can I find an online anti-virus that doesn’t install on your PC?
>so I’ve been looking for a good online virus scan

I usually use this one http://pmcware.conartists/freedowns

That site (address altered to protect the vulnerable) is most definitely not hosting anti-virus. In fact it’s certainly hosting malware. The page claimed that it found ‘Nuker.Win32.CGSi’ in ‘C:\WINDOWS\system32’, on my Linux laptop.

Given the site, the similarity of the email addresses, and the impossibility of the request (a virus scan without any download), I think both messages are part of the same phishing attempt. Which makes this the first time I’ve seen a spammer have a conversation with themselves.
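The two indicators from the paragraph above that can be checked mechanically (similar sender addresses, and a reply whose own text recommends a link), as an added example that is not part of the original post. The function names, the `min_digits` threshold and the `example.org` addresses are assumptions; the sample reply is constructed from the e-mails quoted above.

```python
import re
from itertools import groupby

URL = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample, taken from the two messages quoted in the post.
Q_FROM = "stefanobartol87453@gmail.com"
R_FROM = "schinicamiyake54418@gmail.com"
REPLY_BODY = (">so I've been looking for a good online virus scan\n\n"
              "I usually use this one http://pmcware.conartists/freedowns\n")

def address_shape(addr):
    """Reduce an address to its structure: letter runs -> 'a', digit runs -> 'd<length>'."""
    local, _, domain = addr.strip().lower().partition("@")
    classify = lambda c: "a" if c.isalpha() else "d" if c.isdigit() else c
    parts = []
    for kind, run in groupby(local, key=classify):
        parts.append(f"d{len(list(run))}" if kind == "d" else kind)
    return "".join(parts) + "@" + domain

def own_urls(body):
    """URLs in the replier's own lines; '>' quoted lines are skipped."""
    return [u for line in body.splitlines()
            if not line.lstrip().startswith(">")
            for u in URL.findall(line)]

def indicators(question_from, reply_from, reply_body, min_digits=4):
    """Return which of the post's indicators a question/reply pair trips."""
    hits = []
    q, r = address_shape(question_from), address_shape(reply_from)
    tail = re.search(r"d(\d+)@", q)  # digit run right before the '@'
    # Assumed threshold: a long numeric suffix suggests a generated address.
    if (question_from.lower() != reply_from.lower() and q == r
            and tail and int(tail.group(1)) >= min_digits):
        hits.append("similar-addresses")
    if own_urls(reply_body):
        hits.append("reply-recommends-link")
    return hits

def looks_seeded(question_from, reply_from, reply_body):
    """True when a different sender of the same shape answers with a link."""
    return len(indicators(question_from, reply_from, reply_body)) == 2

if __name__ == "__main__":
    print(address_shape(Q_FROM), indicators(Q_FROM, R_FROM, REPLY_BODY))
```

Neither indicator proves anything on its own; the pair is a reason to hold a thread for moderation, not to block a sender.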

This entry was posted on Thursday, September 24th, 2009 at 12:14 am.

5 Responses to “A new twist on spam?”

  1. felix on September 24th, 2009 at 9:20 am

    Interesting, the same mails appeared yesterday on the Gnome Do list. The senders were different (seraklamm69623@gmail.com and javiercoufal22053@gmail.com), but the content is exactly the same. It seems that the enemy is becoming smarter…

  2. Dougie on September 24th, 2009 at 7:28 pm

    If you put the text into google there are lots of hits, one of them being Yahoo answers.
    http://tinyurl.com/ya7gwwu (http://uk.answers.yahoo.com/question/index;_ylt=AhHqDD0QSO2upwtaeGiejfPeMBV.;_ylv=3?qid=20090921021907AArNZwx&show=7#yan-answers)

    I wonder if this is a hoax based on an original genuine question? The ‘smart’ thing for the phisher to do, as the asker, would be to recommend the malware website as the best answer, but it doesn’t look like they have.

  3. ambrose on September 25th, 2009 at 3:25 pm

    The question does sound reasonable to me. In fact I asked myself precisely the same question some not-so-long time ago. Trend Micro used to provide an online scan that both (1) works and (2) does not require you to download an exe file. Now the new version requires you to download an exe file, which I don’t want. So I would instinctively feel that the question is legit and has come from a former “Housecall” user…

  4. Alex Willmer on September 28th, 2009 at 12:25 am

    Dougie and ambrose, I agree the question has probably been copied from a genuine enquiry. If the Trend Micro online scan worked as you recall, there was probably an ActiveX control involved. The effect is the same as downloading a .exe: a program is downloaded from the website and runs on your computer.

    I suggest Avast! anti-virus and using a better web browser, such as Firefox or Google Chrome. If you must use Internet Explorer, please upgrade to version 8.0.

  5. ambrose on September 28th, 2009 at 2:34 pm

    Yes, correct. They either required you to download an ActiveX control or a Java applet, and I agree that downloading ActiveX is just as dangerous as downloading an exe, but since it is Trend Micro we trusted it. But the point is that the hoax email specifically mentions that the administrator does not allow installation of exe files (which would indeed be a valid concern for a “small centre” because the computer would probably be donated and they probably would have no spare licenses to reinstall Windows); there is no such admin control for ActiveX so the hoax would still sound legit at first glance.

    BTW, in our case since we do have admin access we just switched to a free scanner (that requires installation).
