BleepingComputer.com: Source Of Av 2008 Or Av 2009

We have serviced a variety of people with these viruses (viri?) and am trying to get a handle on what files, what sites or programs are the culprits. There seems to be no commonality other than internet access for these. Some have been executed on opening an email attachment and others have shown up from standard "browsing". We would like to get to the source or even look at a file to discect it.

Any wisdom on this here?

They are rogue security applications that use bogus warning messages and alerts to indicate that your computer is infected with spyware or has critical errors as a scare tactic to goad you into downloading a program to fix it. The messages can mimic system messages so they appear as if they are generated by the Windows Operating System. The problem with these types of infections is that they can download other malicious files so the extent of the infection can vary to include rootkit components.

For more detail on how these types of infections install themselves, read Anatomy of a malware scam.

This type of malware spreads via Internet Relay Chat, by visiting underground web pages, adult, gaming or pirated software sites, and by using peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The infection also spreads through emails containing links to websites that exploit your web browser’s security holes and by exploiting a vulnerability in exploiting a vulnerability in older versions of Sun Java. When you click on a malware related email link, Internet Explorer launches a site that stealthy installs the Trojan so that it can run every time you startup Windows and download move malicious files.

The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.