Mega-D: March, 2010

The takedown of Mega-D, also known as Ozdok, was spearheaded by researchers at anti-botnet firm FireEye. The botnet, a byproduct of PC infections linked to the Mega-D Trojan, comprised tens of thousands of machines and was responsible for sending out a large portion of the spam on the Internet, at some points north of 30 percent. By March, 2010, researchers had identified the botnet and had a good handle on its command-and-control structure. Researchers at FireEye then worked with Internet Service Providers (ISPs) to take the servers offline.

Waledac: March, 2010

Though not nearly as large or important a botnet, Waledac, which counted fewer than 100,000 infected hosts at its height, was notable for the tactics that researchers used to dismantle it. Microsoft worked with a group of researchers at the University of Mannheim, the University of Vienna and elsewhere to identify the key command-and-control servers, analyze the botnet's peer-to-peer communication protocol and work out a plan for putting Waledac down in one fell swoop.

Bredolab: October, 2010

At its height, the Bredolab botnet numbered more than three million hosts and was responsible for 30 million infections and 3.6 billion spam e-mails daily. The global botnet was brought down by the Dutch cyber crime unit, which seized the command-and-control infrastructure used by the botnet and, with the cooperation of Armenian authorities, arrested the man believed to be its operator. While that's nothing special, what the Dutch authorities did after seizing control of Bredolab was.

One of the world's most prolific botnets and a leading source of spam, denial of service attacks and malware, Pushdo was brought down by researchers at the security firm Last Line of Defense, who worked with hosting providers to seize 30 command-and-control servers involved in the botnet. Subsequent analysis of the seized botnet data showed that the seized servers, responsible for just part of the entire botnet, sent more than 1.7 trillion spam emails between June 2009 and August 2010.

By the time U.S. Marshals, in the company of Microsoft Corp. attorneys, busted into the data centers of dozens of U.S. hosting firms to shut down the Rustock botnet in March, 2011, it was the main source of global spam. The takedown was notable for the success Microsoft had in using the courts to move against the hosters without prior warning that would allow the botnet operator to shift operations off the threatened infrastructure.

Rogue antivirus and scareware typically require user interaction to get a toehold on victims' computers. Users can protect themselves by steering clear of suspicious or merely opaque links (such as the shortened links common on Twitter and other social media platforms). Beware of pop-up ads warning of infections or offering free virus or hard drive scans; these are commonly associated with scareware. If such a message appears, close the pop-up window, but do not click within the pop-up ad, and you'll be less likely to suffer a scareware attack!

With your machine disinfected, take a few moments to update your operating system software and any third-party applications to their latest (and most secure) versions. Rogue antivirus and scareware programs are usually delivered as drive-by downloads spawned by malicious Web sites. These leverage holes in Windows, common Web browsers or browser plugins, or common applications like Adobe Acrobat to bypass your computer's security systems. Updating the software on your system can close that avenue of attack.

Once the scareware has been removed from your system, (re)install a reputable antivirus software package, then use it to scan and clean your machine once again. Scareware and rogue antivirus programs will often download and install other kinds of malicious programs while they have control of your system, including rootkits and keylogging programs. Make sure any secondary infections have been removed.

If automated removal fails, you may have to roll up your sleeves and attempt to manually remove the scareware from your system. This isn't a straightforward process, and it will vary depending on what kind of scareware and malware program(s) have been installed. However, if you know what has infected your computer, various tutorials are available online, at Web sites and user forums like bleepingcomputer.com.

Fortunately for you, there are both free and premium tools available online that will detect and remove rogue antivirus and scareware programs. Kaspersky Lab (which owns Threatpost) offers the free Kaspersky Removal Tool for this purpose. Others are HijackThis from Trend Micro, MBAM, offered by bleepingcomputer.com, and so on. If you were running antivirus software that was disabled by the scareware, try reinstalling it on the infected system using the installation disk.