Spyware and Malware

on Wednesday, 17 November 2010. Posted in Tech News

How much time do these people have?

I fixed a PC today that had been infected with a particularly nasty piece of spyware called ThinkPoint.

In a nutshell...

ThinkPoint is a fake rogue anti-spyware program that is part of the Fake Microsoft Security Essentials infection. When this infection is installed on your computer it will display a fake Microsoft Security Essentials alert that states that it has detected an Unknown Win32/Trojan on your computer. It will then prompt you to scan your computer, which will start a fake scan of your computer that ultimately states that C:\Program Files\Messenger\msmsgs.exe is infected with Trojan.Horse.Win32.PAV.64.a and that it will install ThinkPoint to remove the virus. It will then prompt you to press the OK button, which will reboot your computer to finish the installation.

When your computer reboots you will be presented with the ThinkPoint start screen before your normal Windows desktop is shown. It then prompts you to scan your computer, which will state that your computer is infected with numerous fake infections.

Did you happen to notice the word FAKE used a few times?

Your computer will not run properly from this point on. Internet Explorer is hosed, programs will be intercepted and falsely accused of being infected with something or other, cats and dogs living together, total anarchy on your hard drive.

It will not, though, allow you to use your computer: neither the Windows desktop nor the Windows Task Manager will be allowed to run until you purchase the ThinkPoint program. In fact, if you try to close the program or even reboot, it will state that "Current settings don't allow unprotected start-up. Please check your settings." As you can see, this program is a scam, as it is ransoming the proper operation of your computer until you purchase it. It goes without saying that you should not purchase this program for any reason.

How could this happen?

Seems an email was opened which had a link in it. This link was clicked on which immediately opened a pop-up window indicating there was a virus on the computer and only ThinkPoint could resolve it.

At this point, there are two options. One, take the bait and click the Scan Now button, or two, power off the PC by pulling the power cord (or holding the power button until the PC shuts off), boot into Safe Mode and scan your computer for viruses, spyware and malware and be rid of the problem. Lesson learned: never click on links in emails that may be suspect.

In this case, they clicked on the Scan Now button. This sealed the deal and opened the door to more and more spyware being installed by ThinkPoint. In fact, a rootkit was installed which redirects all searches in Google to ad sites or worse, sites with viruses just waiting for a visitor.

Who are these people?

My question is this, who are these people and why aren't they hunted and shut down like an email spammer is?

The authorities go after spammers and file sharers with a vengeance, yet aside from the obvious effects, from a full in-box with possible virus links in it, which we DON'T click, to huge corporations losing a few bucks, they are relatively harmless.

Companies behind software like ThinkPoint are causing REAL damage. People lose data, memories, histories, you name it. If someone with limited abilities faces ThinkPoint, they'll lose and the possibility of data loss becomes real.

I guess what I am saying is, we need to practice safe computing. We need to install good anti-virus/spyware software and not worry about the initial small financial hit to purchase it. We need to realize links in emails do not have to be clicked. There is no law stating "if it's a link, it must be clicked". Even if the email looks legit or from someone we know, be wary and be careful.
