ie8 fix
madison
Home / News & Blogs

Fake antivirus ads appear on ICQ

Elinor Mills CNET News | January 26, 2011 8:06 AM PST

Summary

A Kaspersky researcher has discovered a fake antivirus warning linked to ads on ICQ, the instant-messaging program that is popular in Russia and Eastern Europe.

Topics

ICQ, Antivirus, Advertising, Malware Attack, Viruses And Worms, Advertising & Promotion, Security, Marketing

A Kaspersky researcher has discovered a fake antivirus warning linked to ads on ICQ, the instant-messaging program that is popular in Russia and Eastern Europe.

The ad that showed up in the ICQ window was for a women's clothing company called Charlotte Russe, and clicking on the ad directed to the company's website, said Roel Schouwenberg, a senior antivirus researcher at Moscow-based Kaspersky. Around the same time the ad was displayed, another pop-up appeared in a new browser from 'Antivirus8', which said that suspicious activity had been detected on the system. It then encouraged the user to download the program, which is not a legitimate antivirus product, Schouwenberg said.

The malware attack is interesting for several reasons. The rogue antivirus 'scareware' appears without the user doing anything that normally triggers such pop-ups, such as clicking on malicious links in search results, he said. The attack also does not appear to have an exploit included in it; just the social-engineering aspect in which the user is lured into downloading supposed antivirus protection that is totally unnecessary, he added.

For more on this story, read Kaspersky finds fake antivirus program in ads on ICQ on CNET News.

11
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Fake antivirus ads appear on ICQ
jam_one 3rd Feb 2011
Whenever I use ICQ, it places a super hidden file in my C:\Documents and Settings\username\Cookies directory. This cookie file is called username@mail[1].txt, the contents of which are:
p
ofuBANr/8gAA
mail.ru/
2147484672
3287202560
30278015
3534327456
30131164
*
My antivirus software identifies spyware called usernameCookie.mail and deletes the cookie.

I manually deleted the username@mail[1].txt from the Cookies directory. But when I opened the "Recycle Bin" I see no file there, even though the "Recycle Bin" icon shows there is a file present. I went to empty the "Recycle Bin", and I get the "Confirm File Delete" dialog box which says: "Are you sure you want to delete 'WINDOWS'?
I am not making this up, now I am stuck as to what to do, since it seems I should no longer empty my "Recycle Bin".
There is something to this, there is some spyware/virus being placed by ICQ. I will no longer use ICQ, the people at mail.ru suck big time for placing spyware in ICQ.
View in thread
0 Votes
+ -
RE: Fake antivirus ads appear on ICQ
Loverock Davidson 26th Jan 2011
ICQ is still around?
0 Votes
+ -
RE: Fake antivirus ads appear on ICQ
nickdangerthirdi@... 26th Jan 2011
@Loverock Davidson that was the first thing I thought too, next thing you know there will be a PowWow virus...
0 Votes
+ -
This brings back memories
statuskwo5 26th Jan 2011
I used to use ICQ a lot in the past, but now the IM to use is Trillian. It supports AIM, ICQ, Yahoo, Windows Messenger, and many other messengers. That way no matter what IM your friends use you have only one installed on your machine. wink
0 Votes
+ -
RE: Fake antivirus ads appear on ICQ
jmwells21 26th Jan 2011
I had something like this pop up this past weekend. A phony spyware program totally screwed with my system and said I was infected with all sorts of rubbish, urging me to download something (which naturally, I didn't do). I had to boot in Safe Mode, find the file (thankfully it had a simple, easy-to-find-with-basic-windows-search file name), and delete it completely. Sucked because it made me lose a full paragraph of an article I was writing and took 45 minutes of my life, but there didn't appear to be any issue once the file was deleted.
0 Votes
+ -
RE: Fake antivirus ads appear on ICQ
jmwells21 26th Jan 2011
@jmwells21 I should add, the phony spyware program wouldn't let me open anything else on my system, saying they all had errors.
0 Votes
+ -
RE: Fake antivirus ads appear on ICQ
tlporter 26th Jan 2011
What do you expect:
"In April 2010, AOL sold ICQ to Mail.ru Group for $187.5 million." -Wikipedia
0 Votes
+ -
RE: Fake antivirus ads appear on ICQ
gnostication@... 26th Jan 2011
I'm surprised ICQ still exists.
0 Votes
+ -
RE: Fake antivirus ads appear on ICQ
ccfman2004 26th Jan 2011
I have been to a few websites that have ads that claim they are scanning my "C" drive. I know that it is fake since my computer does not have a "C" drive or a "D" drive or any of those letter based drive names since I run Mac OS X.
0 Votes
+ -
RE: ...scanning my "C" drive...
fatman65535 27th Jan 2011
@ccfman2004

I have had that one too!!!

It is kind of funny, since I don't have a "C" drive either.

Mine are referred to as:
/dev/sda
/dev/sdb
/dev/sdc

Then, if one were to incorporate "WindoZE" `drive letter` assumptions for partitions, I guess the 15 partitions that exist on /dev/sda would range from C to Q, the 14 partitions on /dev/sdb would range from R to Z, and need a few more letters!!!! Micro$oft should finally see the light , and get rid of those dammed drive letters. (I doubt that will ever happen.)

And, finally, for my `snark of the day`, a co-worker once asked me how I keep the direction of the "slashes" in path names 'straight'. I replied that it is simple, "Microsoft is backwards ."
0 Votes
+ -
RE: Fake antivirus ads appear on ICQ
CobraA1 27th Jan 2011
Been thinking about dropping ICQ. Nobody seems to use it anymore, and unlike any of the other IMs out there, I'm still getting spams in it.
0 Votes
+ -
RE: Fake antivirus ads appear on ICQ
jam_one 3rd Feb 2011
Whenever I use ICQ, it places a super hidden file in my C:\Documents and Settings\username\Cookies directory. This cookie file is called username@mail[1].txt, the contents of which are:
p
ofuBANr/8gAA
mail.ru/
2147484672
3287202560
30278015
3534327456
30131164
*
My antivirus software identifies spyware called usernameCookie.mail and deletes the cookie.

I manually deleted the username@mail[1].txt from the Cookies directory. But when I opened the "Recycle Bin" I see no file there, even though the "Recycle Bin" icon shows there is a file present. I went to empty the "Recycle Bin", and I get the "Confirm File Delete" dialog box which says: "Are you sure you want to delete 'WINDOWS'?
I am not making this up, now I am stuck as to what to do, since it seems I should no longer empty my "Recycle Bin".
There is something to this, there is some spyware/virus being placed by ICQ. I will no longer use ICQ, the people at mail.ru suck big time for placing spyware in ICQ.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

ie8 fix