Warning

[Bill Henry]

I was trying to access my Photobucket account a few minutes ago (Through Firefox, Mac OS 10.4.11) and I got a very Windows- looking screen saying that my system was infected with multiple trojan horses.

Without any prompting, it appeared to scan my system and came up with three files it claimed to be infected.

The problem was that it referred to my C: and D: “partitions” (I don’t know the right terminology - drives, maybe?) which a Macintosh computer doesn’t have. It then prompted me to download an “.exe” file, which, of course, a Mac cannot use.

I tried to bail out by pressing the “Cancel” button, but it wouldn’t let me. I tried to return to Firefox, but kept getting the same “Download” window. I finally had to “Force Quit” to return to normal.

I don’t know if the problem was with Firefox or Photobucket, but I very strongly suspect that this .exe file they demanded that I download was, itself, a virus or a trojan.

I haven’t seen any CERT warning about this, but for you PC users I would be extremely suspicious about that file. I would suggest that before you download and “execute” this file, you check with your virus software people or Microsoft itself. It may be too new for them to have responded yet.

[Merlin]

Thank you for that Bill..

[Dermot]

Bill

Is this the same thing they were talking about on the G a week or so ago....

Mike posted a malware download that appeared to sort things...

http://www.thegrumble.com/showthread.php?t=36672

[Bill Henry]

Dermot, this appears to be a little different than the one Kathy reported.

I don’t have AVG installed on my computer. Her computer appeared to be infected for real.

I was able to snag the URL from the initial Pop-Up screen. It is <http://antispywareprolivescan.com/promo ... u=77075648>, but it definitely originated from Photobucket. Paul Nahas on the Grumble got the same "notice".

On closer inspection it appears to be an advertisment for “antispywareprolivescan.com” which has been reported by several companies like Norton and McAfee. One review states that

“Antispywareprolivescan.com is new homepage hijacker that will re-direct your homepage to rogue antispyware / virus scanner software ( called Antivirus 2009 ). Once infected, you will receive fake warning alerts and false warning messages. It is only a trick to sell rogue antispyware software which is completely useless and bundle of malware, trojans groups.”

I cannot be completely sure, but I wouldn’t bet against them having maleware in the downloadable “.exe” file just so you would go to their site and pay for a removal. The fact that they are hijacking you to their site to begin with is pretty sleazy.