Fake antivirus ads appear on ICQ


A Kaspersky researcher has discovered a fake antivirus warning linked to ads on ICQ, the instant-messaging program that is popular in Russia and Eastern Europe.

The ad that showed up in the ICQ window was for a women's clothing company called Charlotte Russe, and clicking on the ad led to the company's website, said Roel Schouwenberg, a senior antivirus researcher at Moscow-based Kaspersky. Around the same time the ad was displayed, another pop-up from 'Antivirus8' appeared in a new browser window, saying that suspicious activity had been detected on the system. It then encouraged the user to download the program, which is not a legitimate antivirus product, Schouwenberg said.

The malware attack is interesting for several reasons. The rogue antivirus 'scareware' appears without the user doing any of the things that normally trigger such pop-ups, such as clicking on malicious links in search results, he said. The attack also does not appear to include an exploit; it relies only on social engineering, in which the user is lured into downloading supposed antivirus protection that is totally unnecessary, he added.

For more on this story, read Kaspersky finds fake antivirus program in ads on ICQ on CNET News.


Talkback

11 comments
  • RE: Fake antivirus ads appear on ICQ

    ICQ is still around?
    Loverock Davidson
    • RE: Fake antivirus ads appear on ICQ

      @Loverock Davidson that was the first thing I thought too, next thing you know there will be a PowWow virus...
      nickdangerthirdi@...
  • This brings back memories

    I used to use ICQ a lot in the past, but now the IM to use is Trillian. It supports AIM, ICQ, Yahoo, Windows Messenger, and many other messengers. That way no matter what IM your friends use you have only one installed on your machine. ;-)
    statuskwo5
  • RE: Fake antivirus ads appear on ICQ

    I had something like this pop up this past weekend. A phony spyware program totally screwed with my system and said I was infected with all sorts of rubbish, urging me to download something (which naturally, I didn't do). I had to boot in Safe Mode, find the file (thankfully it had a simple, easy-to-find-with-basic-windows-search file name), and delete it completely. Sucked because it made me lose a full paragraph of an article I was writing and took 45 minutes of my life, but there didn't appear to be any issue once the file was deleted.
    jmwells21
    • RE: Fake antivirus ads appear on ICQ

      @jmwells21 I should add, the phony spyware program wouldn't let me open anything else on my system, saying they all had errors.
      jmwells21
  • RE: Fake antivirus ads appear on ICQ

    What do you expect:
    "In April 2010, AOL sold ICQ to Mail.ru Group for $187.5 million." -Wikipedia
    tlporter
  • RE: Fake antivirus ads appear on ICQ

    I'm surprised ICQ still exists.
    gnostication@...
  • RE: Fake antivirus ads appear on ICQ

    I have been to a few websites that have ads that claim they are scanning my "C" drive. I know that it is fake since my computer does not have a "C" drive or a "D" drive or any of those letter based drive names since I run Mac OS X.
    ccfman2004
    • RE: ...scanning my "C" drive...

      @ccfman2004

      I have had that one too!!!

      It is kind of funny, since I don't have a "C" drive either.

      Mine are referred to as:
      /dev/sda
      /dev/sdb
      /dev/sdc

      Then, if one were to incorporate "WindoZE" `drive letter` assumptions for partitions, I guess the 15 partitions that exist on /dev/sda would range from C to Q, the 14 partitions on /dev/sdb would range from R to Z, and need a few more letters!!!! Micro$oft should finally see the light, and get rid of those damned drive letters. (I doubt that will ever happen.)

      And, finally, for my `snark of the day`, a co-worker once asked me how I keep the direction of the "slashes" in path names 'straight'. I replied that it is simple, "Microsoft is backwards."
      fatman65535
  • RE: Fake antivirus ads appear on ICQ

    Been thinking about dropping ICQ. Nobody seems to use it anymore, and unlike any of the other IMs out there, I'm still getting spams in it.
    CobraA1
  • RE: Fake antivirus ads appear on ICQ

    Whenever I use ICQ, it places a super hidden file in my C:\Documents and Settings\username\Cookies directory. This cookie file is called username@mail[1].txt, the contents of which are:
    p
    ofuBANr/8gAA
    mail.ru/
    2147484672
    3287202560
    30278015
    3534327456
    30131164
    *
    My antivirus software identifies spyware called usernameCookie.mail and deletes the cookie.

    I manually deleted the username@mail[1].txt from the Cookies directory. But when I opened the "Recycle Bin" I see no file there, even though the "Recycle Bin" icon shows there is a file present. I went to empty the "Recycle Bin", and I get the "Confirm File Delete" dialog box which says: "Are you sure you want to delete 'WINDOWS'?"
    I am not making this up, now I am stuck as to what to do, since it seems I should no longer empty my "Recycle Bin".
    There is something to this, there is some spyware/virus being placed by ICQ. I will no longer use ICQ, the people at mail.ru suck big time for placing spyware in ICQ.
    jam_one