{"id":16189,"date":"2019-01-23T16:16:03","date_gmt":"2019-01-23T21:16:03","guid":{"rendered":"http:\/\/www.thundercloud.net\/infoave\/new\/?p=16189"},"modified":"2019-01-23T16:16:03","modified_gmt":"2019-01-23T21:16:03","slug":"the-windows-antivirus-scam-is-on-the-loose-again","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/the-windows-antivirus-scam-is-on-the-loose-again\/","title":{"rendered":"The Windows Antivirus Scam is On the Loose Again"},"content":{"rendered":"

The Windows Antivirus Scam is On the Loose Again<\/span><\/h1>\n

Quite a few years ago, there were many Windows antivirus scams, most of them targeting Microsoft Security Essentials users (Windows 7).<\/span><\/p>\n

Well, the old scam has been resurrected by the online hooligans. We just ran into it again as it popped up during a visit to Weather.com.\u00a0<\/span><\/p>\n

While this scam has been updated, it’s the old trickery. It attempts to scare you into buying an update for Windows Defender. Don’t be tricked into clicking the “Renew” button. Windows Defender is free and is pre-installed on all Windows 10 computers. Updates are free and come via Windows Update.<\/span><\/p>\n

We’re going to show you what the new Windows antivirus scam looks like, so you’ll recognize it when you see it. It shows up disguised to look as if it’s coming from your computer. It’s not. It’s just a redirect Web page. The first image makes it appear that it’s scanning your computer. <\/span><\/p>\n

\"Cloudeight<\/span>
\nScreenshot above: Old scam, old trick, new look.<\/em><\/span><\/p>\n

When the scan is completed, it always tells you that your computer is infected with 5 viruses and urges you to click the “Renew now” to download the update to prevent you from losing data and even your identity. This is pure garbage. Don’t believe it.<\/span><\/p>\n

Screenshot below: Animation always discovers 5 viruses on victims’ computers and warns of dire consequences if victims don’t click the “Renew Now” button – but don’t you dare click it!\u00a0 Notice the title bar says “Windows Defender Security Center” – I don’t think so, Mr. Scammer!<\/em><\/span><\/p>\n

\"Cloudeight<\/span><\/p>\n

And if you try to backspace or use your back-button to back away from this page, you’ll see a different image for the same scam. Notice the this scam ad shows that your antivirus just happened to expire today. That’s because the page is running a date script that acquires today’s date from the victim’s computer.\u00a0 If you see this version of the Windows antivirus or Windows Defender scam, it will always show you that your antivirus expired on the date you happen to see. You’re warned and informed:\u00a0 Don’t be fooled.<\/span><\/p>\n

\"Cloudeight<\/span><\/p>\n

Victims who are tricked into clicking the “renew” button are directed to an online store where they can purchase the “update”. However, when users get to the store, they’ll be downloading a fake antivirus program which is useless malware, and it’s not an update for anything.<\/span><\/p>\n

If you see this scam, look in the browser’s address bar and you’ll see it is a Web page. The ad we saw today came from from hindowsappcenter.securitys-shieldsv.pw. The domain is “securitys-shieldsv.pw”. What does that even spell?<\/span><\/p>\n

A few years back, the .pw domain was known as a haven for spammers.\u00a0 It looks like the .pw domain is back again.<\/span><\/p>\n

Here’s what Wikipedia says about the .pw domain:<\/span><\/p>\n

.pw is the country code top-level domain for Palau. It was originally delegated to the Pacific island nation of Palau in 1997. It has since been redelegated a number of times, most recently[when?] by Directi, a group of businesses operating registrars among other Internet-related services, who rebranded it as the Professional Web. From March 25, 2013, domains under the .pw TLD are available to the general public.<\/span><\/p>\n

Symantec released two reports in April and May 2013 claiming that domains under .pw TLD were a significant source of spam e-mail.[2][3] In July 2013 the registry announced that they had passed the 250,000 registration milestone within the first three months, after having 50,000 registered domains in the first three weeks…(Source:\u00a0https:\/\/en.wikipedia.org\/wiki\/.pw<\/span><\/a> )<\/span><\/p><\/blockquote>\n

Don’t be tricked by this scam. Windows Defender is free and comes pre-installed on all Windows 10 computers. Updates are free and come via Windows Update.<\/span><\/p>\n

Be prepared, not scared. If you see this fake ad, just close the browser tab. No special tricks needed to close this one.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

The Windows Antivirus Scam is On the Loose Again Quite a few years ago, there were many Windows antivirus scams, most of them targeting Microsoft Security Essentials users (Windows 7). Well, the old scam has been resurrected by the online hooligans. We just ran into it again as it popped up during a visit to Weather.com.\u00a0 While this\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":14573,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1655,1433,1680,1656],"tags":[1161,589,136,2918],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/16189"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=16189"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/16189\/revisions"}],"predecessor-version":[{"id":16190,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/16189\/revisions\/16190"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media\/14573"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=16189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=16189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=16189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}