Monday, May 28, 2007

PestTrap is both a trap and a pest...

More malicious spyware, also known as malware on t'Interwebs... I usually have McAfee full version installed for firewall protection of my static ADSL connection but failed to renew the license for a few days. Bingo! In the last couple of days my machine has been invaded by at least two serious trojans, one of them hitherto unknown to me, called PestTrap.

And boy, is this a pest or is it a pest! PestTrap's "demo" installs itself on your machine without invitation or permission and then presents itself as regular spyware. Except... it isn't. PestTrap generates numerous false positives from the status-bar and occasionally brings up a page-size popup, inviting you to buy the full version and "disinfect" your machine. To the right: a reduced screen shot of PestTrap's "console".

PestTrap looks and sounds convincing and many a computer layman will be tempted (coerced more like) into spending money on this piece of malware. G-d only knows what happens if you buy the full version...

PestTrap has a website of course: PestTrap.com. It suggests removing the software by means of the usual procedure (via Command Center > Add/Remove software) but malicious as this piece of vermin is, that is not possible. PestTrap keeps itself open all the time and an open application can not be uninstalled by the usual procedure. PestTrap.com also has an email operated "help-line": needless to say, don't hand your email address to these criminals...

And so, after a frustrating (a euphemism in this case, trust me) couple of hours; I had no choice but to call for help by searching Google for PestTrap removal guidelines. There's a host of information on that subject and
I chose this page. I downloaded the demo of PC Tools Spy Doctor, ran the scan and eventually had no choice but to purchase the full license. It did the trick all right. One can't help thinking cui bono? Who benefits from these malwares?

Well, whoever it is, they are criminals. When will something be done about these thieves and saboteurs who cause millions to lose valuable time and money trying to get rid of the results of their criminal activity?

8 Comments:

At 5:15 PM, Blogger The Sentinel said...

The easiest way to proctect yourself from this kind of un-sanctioned installation is to browse the internet with your user account, only using your administrator account when absolutely necessary.

 
At 5:18 PM, Blogger Gert said...

Browse the Internet long enough without McAfee (or similar) and these sniffers will always find a way in, no matter what type of connection you use.

 
At 5:53 PM, Blogger The Sentinel said...

Maybe, but they cannot install programmes through a user account, only the admin. account has that privilege; that is why you run the 'least privilege account' for routine use.

 
At 8:37 PM, Blogger Gert said...

No, not MAYBE.

Perhaps your AOL account provides a great firewall, as I believe it does (for a rather inflated price).

I've been using various ISPs and various packages, most of them aren't well protected. I used cheaper firewalls before I switched to a static ADSL and I was continouously being attacked, no matter what I used. Most attacks though are quite innocuous, some are as bad as PestTrap or SpyHunter (another rogue).

 
At 8:54 PM, Blogger The Sentinel said...

I don't think you understand what I am saying to you- regardless of firewalls and other perimeter security, programmes cannot install unless they have the permissions to do so. That is when you run your account as administrator as a matter of routine these programmes use the permissions of that account to install. If you were using an ordinary user account, even if they got through the firewall they still could not install.]

And as for firewalls, the bog standard windows firewall is sufficient if you follow the principle of closed to open; the commercial ones do more or less the same job to various degrees of chattiness but the GUI and marketing are more slick. they tend to be just a little bit more user friendly too.

The problem lies not with the firewall but your configuration of open ports and your routine use of the administrator account whilst browsing.

 
At 9:02 PM, Blogger Gert said...

You underestimate these rogue programmers seriously. There isn't much they can't do if they set their mind to it. Even serious firewalls won't stop a determined intruder from installing whatever they want.

 
At 10:01 PM, Blogger The Sentinel said...

Wow- you don't get it at all do you?

It is only because you were using the administrator account that these programmes were unable to install in any case- nothing to do with firewalls at all (often they come in through legitimate downloads in any case) once they are in they use your administrator account privilege to install themselves- a user account cannot do so.

Trust me, that is what has happened here. IT security is something I know very well.

Set up and browse with a bog standard user account in future, unless you need an explicitly admin account.

 
At 1:16 PM, Blogger Gert said...

What you say may be true for LANs, WANs and home-networks. But that's about it...

 

Post a Comment

<< Home