Phony Antivirus Poses as Microsoft’ MSRT
Security researchers at Computer Associates, a software developing company, are warning about a newly unleashed fake antivirus program that pretends to be the MSRT (Malicious Software Removal Tool) from Microsoft. The program falls among the Win32/FakeAV group of malicious software.
After the fake AV is planted on a user's computer, it displays a message, which says that Microsoft's MSRT has been installed and the user needs to click on the message so that the scanning process can start, otherwise it will automatically begin within 10 seconds.
Following the end of the scan, some made up infections appear inside a phony MSRT window. On pressing the "Finish" button, another window named "OEM Purchase Center" appears that offers unrestricted whole life licenses at discounted prices for items like McAfee Total Protection 2009, Norton SystemWorks 2009, Norton Internet Security 2009, or Norton 360.
However, buying a license does not mean possessing a genuine one. Therefore, if the user tries to 'cancel' the window, another bogus warning will display.
Apart from this, the program also targets the Windows Security Center, the researchers at CA disclosed. First, a bogus alert tells the user that there isn't any antivirus on his PC, so it prompts to click for an apparently genuine Security Center GUI whose "Virus Protection" field is highlighted. Subsequently, clicking on the "Recommended" option displays a fake website, which presents additional phony items for sale.
Besides, it further influences the PC's Word software, showing a fake warning of an Office Update on opening it. If the user accepts the dialog box, the fake website opens a page, which presents licenses for sale at reduced rates for software like Office Ultimate 2007, Office Enterprise 2007, Adobe Photoshop CS4 Extended, or Adobe Acrobat 9 Pro.
Additionally, there are still other malicious acts from the rogue software like compromising legitimate processes and applications. When P2P clients are executed, it warns that they could be harmful for the computer and would be erased.
Commenting on the point, the researchers stated, bogus security software frequently infests modern computers and are a vital source of illicit earnings for online-criminals.
Related article: PM’s Official Web Site Targeted By Hackers
» SPAMfighter News - 24-06-2009