New Rogueware Samples Drop Malicious Programs

Researchers at Sophos, an online security company, report that they have detected a fresh type of three bogus antivirus applications namely 'SaveSoldier,' 'TrustNinja' and 'SaveKeep' that are currently circulating on the web, as reported by Web User on September 7, 2009.

The researchers explain that fake antivirus software typically misreports legitimate programs or documents as malicious software in the anticipation that users can be persuaded into paying out for cleaning the infection from their computer. However, the new versions of phony antivirus, also called rogueware, install malicious software on computers of end-users.

These installations, according to the researchers, might be quietly done via already malware infected computers. The malicious software offered to users as updated Flash player programs or video codecs when they visit malware-laden websites or installed through drive-by download attacks.

Chee Hui, a Researcher at Sophos, said - rather than randomly and blatantly misreport programs and files as malicious software, the new Trojan deliberately creates junk files on the contaminated PC and give them random names and unrelated file extensions. Thereafter, it identifies those junk files, as reported by Web User on September 7, 2009.

The researcher states that the social engineering used with the new fake antivirus helps rogueware promoters to easily sell their software online for making quick money.

Citing the same bogus anti-viruses, the security researchers stated that the applications weren't new rather they had been re-branded, a strategy that promoters of fake anti-viruses had been frequently using, as reported by Web User.

They further said that a different firm was selling the bogus anti-viruses, where the applications had the same features and characteristics, just what Sophos security experts had analyzed.

Moreover, the three pieces of malware tried to persuade any user who unwisely loaded them on his computer and give away money so that the non-existent viruses might be removed from his system.

Eventually, to keep such bogus antivirus applications at bay, security researchers at Sophos and other security laboratories have recommended that Internet users should load the most recent and trusted anti-malware and antivirus software on their computers.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 9/25/2009