Microsoft Adds Two New Scareware Programs in Top Ten Malware List

According to some recently released news, Microsoft's May 2009 security bulletin included two fake antivirus programs, Win32/FakePowav.B and Win32/Winwebsec, in its top ten malware list that the organization compiled after detecting the malicious codes in May 2009.

Microsoft states that the most common strategies employed by the developers of Win32/Winwebsec to propagate the rogue antivirus are convincing the victims that a malware has infected their computers. They used this technique to make them so scared that they land up buying the supposed antivirus thinking it would eliminate the 'non-existent' threats. This, according to the security researchers, is also the reason attributed to calling fake anti-virus programs a 'scareware.'

They further said 'Winwebsec' is also known as 'Winweb Security' or 'System Security.' One function of the rogue antivirus is that it downloads extra malware. For a brief period, it installs Worm Win32/Koobface.

The security specialists state that Koobface is designed to display pop-ups that install bogus online scanners. Hamish O'Dea, Security Researcher at Microsoft, states that Koobface doesn't appear to be associated with a particular malware since once it was FakeXPA, while more recently it is Win32/Winwebsec, as reported by SOFTPEDIA on May 14, 2009.

Furthermore, Winwebsec can also deactivate certain software as well as Windows components, displaying a message that the software products have been infected. The security researchers at Microsoft further added Trojan Win32/Winwebsec generally proliferates through Web pages or gets transmitted via online scanners. Users are duped making them download the malicious Trojan that comes packed in the 'install.exe' file. In their effort to remove threats from their systems, the users actually come in contact with the Winwebsec Trojan.

Moreover, Microsoft identifies the other scareware Win32/FakePowav.B in its May 2009 security bulletin as a vicious malware that functions similarly as Win32/Winwebsec. It pretends to scan for malicious code and pops up bogus alerts of viruses and other malware. Subsequently, it tells the computer owner that he needs to buy the product to eliminate the so-called threats.

Security experts also state that it appears scareware products are currently circulating in the wild, as is evident from the analysis by security analysts at Microsoft.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 5/23/2009