Microsoft Detect Two New Bogus Windows Antivirus Software

According to security news reported by SOFTPEDIA on December 18, 2008, Microsoft, along with the Washington Attorney General's Office, has started taking legal action against makers of fake antivirus products. It is also fighting a new infection that targets its operating systems by installing a single piece of malicious code at a time.

Reports stated that two new fake antivirus families, Win32/Yektel and Win32/FakeXPA, have been added to Microsoft's signature list this month. Both families come on top of Win32/FakeSecSen, which Microsoft identified in November 2008.

One week after releasing the MSRT (Malicious Software Removal Tool) November 2008 figures, the prevalence of Win32/FakeXPA was recorded at a lower level than that of Win32/FakeSecSen. Moreover, Win32/FakeSecSen was eliminated from 994,061 computers. According to security experts at Microsoft, Win32/FakeXPA generally downloads a number of components, and each installation consists of a Control Panel applet (.CPL) and an executable (.EXE). The function of the .CPL is to launch the .EXE.

Security researchers said that both fake antivirus products, Win32/FakeSecSen and Win32/FakeXPA, exhibit signs that they are running, although it is not clear that they are fake. Unfortunately, both of them act like legitimate software in several ways. For instance, they contain full GUIs (Graphical User Interfaces) that give them the look and feel of authentic security products. The good thing about them is that, unlike other malicious software, they are easy to disable while running.

For instance, an infected user can identify the Win32/FakeXPA EXE just by following the "Antivirus 2009" shortcut available on the desktop. Hence, manual elimination of this malware is easier than it is for other malware.

Moreover, it should not surprise anyone that Win32/Yektel largely overlaps with Win32/FakeXPA, or vice versa. Microsoft cleaned nearly 61,439 machines containing both pieces of malware. In contrast, 107,459 machines in total were cleaned of Win32/Yektel, showing that a large proportion of cases involve Yektel in isolation.

Meanwhile, Microsoft security experts stated that the creators of Win32/FakeSecSen have found new methods of making money. This is evident from a dramatic fall in Win32/FakeSecSen removal cases in December 2008 and from the fact that no new variant of it has been detected for some time.


» SPAMfighter News - 1/2/2009
