Monday, March 26, 2007

AOL Has Winfixer Trojan On It's Website

A few days ago, fellow MVP Sandi Hardmeier reported that Winfixer was being installed from some of the advertising on web pages. You can see on her Gotcha! Winfixer and Aol post all of the details. In short, Aol has advertising banners that show many ads. One of them will load from and then attempt to trick you into installing System Doctor. A few screen shots can be seen here. The whole thing is a scam to trick people into buying the program. AOL needs to remove these ads immediately. By allowing them to stay, AOL is allowing people's computers to get infected with spyware and letting the spyware creators make money.

Winfixer is one of many names the rogue program goes by. There are different versions that use different names. Some of them are: System Doctor, WinAntiVirus, ErrorSafe and DriveCleaner. They aren't fake antispyware programs, but they claim to find problems with Windows, kind of like registry cleaners. The problems reported by one of these programs aren't real. They are used to trick you into buying the program. You will also get pop ups and other unwanted reminders to buy the program. Sunbelt CounterSpy targets these programs under ErrorSafe. Antivirus programs detect Winfixer as well. Symantic and McAfee have detailed web pages that describe this threat as well.

AOL needs to take action to protect their users immediately. While the Winfixer ads are infrequent, the large number of people who visit means that many people are being put at risk. Also, by hosting the ads for Winfixer, this means Aol is directly responsible for letting these spyware creators make money. Any delay in removing the Winfixer trojan from Aol is not acceptable.