Phony Antivirus Poses as Microsoft’ MSRT

Security researchers at Computer Associates, a software developing company, are warning about a newly unleashed fake antivirus program that pretends to be the MSRT (Malicious Software Removal Tool) from Microsoft. The program falls among the Win32/FakeAV group of malicious software.

After the fake AV is planted on a user's computer, it displays a message, which says that Microsoft's MSRT has been installed and the user needs to click on the message so that the scanning process can start, otherwise it will automatically begin within 10 seconds.

Following the end of the scan, some made up infections appear inside a phony MSRT window. On pressing the "Finish" button, another window named "OEM Purchase Center" appears that offers unrestricted whole life licenses at discounted prices for items like McAfee Total Protection 2009, Norton SystemWorks 2009, Norton Internet Security 2009, or Norton 360.

However, buying a license does not mean possessing a genuine one. Therefore, if the user tries to 'cancel' the window, another bogus warning will display.

Apart from this, the program also targets the Windows Security Center, the researchers at CA disclosed. First, a bogus alert tells the user that there isn't any antivirus on his PC, so it prompts to click for an apparently genuine Security Center GUI whose "Virus Protection" field is highlighted. Subsequently, clicking on the "Recommended" option displays a fake website, which presents additional phony items for sale.

Besides, it further influences the PC's Word software, showing a fake warning of an Office Update on opening it. If the user accepts the dialog box, the fake website opens a page, which presents licenses for sale at reduced rates for software like Office Ultimate 2007, Office Enterprise 2007, Adobe Photoshop CS4 Extended, or Adobe Acrobat 9 Pro.

Additionally, there are still other malicious acts from the rogue software like compromising legitimate processes and applications. When P2P clients are executed, it warns that they could be harmful for the computer and would be erased.

Commenting on the point, the researchers stated, bogus security software frequently infests modern computers and are a vital source of illicit earnings for online-criminals.

Related article: PM’s Official Web Site Targeted By Hackers

» SPAMfighter News - 24-06-2009

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial