Two tenacious exploits debunk vendor claims
The Adobe Flash Clipboard Hijack and the XP Antivirus exploit throw "state-of-the-art" Web security clients for a loop
The interesting feature of this malware program is its ability to modify the Microsoft Windows desktop to look as if the status bar is sending an alert message indicating a virus infection. The alert looks like an official Microsoft Windows warning, bubbling up from the area where you normally expect to see legitimate programs. The XP Antivirus 2008 program install looks just as official, but once installed, the program either asks for money to get rid of the supposed viruses or starts stealing confidential information. By the time most users realize they have been scammed, it's too late.
The Internet is full of sites and tools attempting to help users disinfect their PCs. Most solutions don't work no matter how well intended. Many malicious executables are programmed to prevent easy cleanup, even blocking access to Web sites that offer good help and preventing legitimate cleanup tools from running. My friend, Jesper Johansson, provides a great, detailed profile of the XP Antivirus malware scam.
I use the XP Antivirus malware in my testing not only to see if the reviewed product could defend against it, but also because XP Antivirus is one of the most difficult exploits to remove. The sophisticated coding invades multiple areas of the system, disables popular anti-virus programs, turns off firewalls, and does its best to remain on the system, even when you think the system has been cleaned.
Sure enough, some of the reviewed products don't do a perfect job of removing XP Antivirus, which means there are cracks in the armor that can be exploited by other malware.