
Trend Micro Believes FAKEAV Becomes Open Sourced Application

Malware researchers at Trend Micro, an online security firm, have found that hackers distributing the bogus antivirus 'FAKEAV' are devising various methods to infect the maximum number of Web surfers with it.

David Sancho, Malware Researcher at Trend Micro, states that he found something amiss in the new e-mail campaign spreading FAKEAV. According to him, if an end-user follows the URL, anti-virus 2010 is downloaded to the computer and starts running. The installation also adds some files related to ClamAV, an open-source AV toolkit for UNIX.

These files consist of the ClamAV signature archive and certain freshly downloaded dynamic-link libraries (DLLs) such as pThreadVC2.dll and htmlayout.dll. Both the ClamAV files and the DLLs are required to run the open-source AV program. This raises the question of why files belonging to a genuine antivirus are packaged with the FAKEAV malware's regular components.

Moreover, these files are obtained when the FAKEAV installer's first routine is downloaded. During the download, randomly named garbage files are also dropped on the computer.

According to Sancho, the bottom line is that the genuine files merely serve to make the entire scam appear legitimate. Cyber criminals are possibly using this tactic to escape detection. Some detection applications might have been duped into recognizing FAKEAV as authentic because of the genuine AV programs operating inside the system.

Earlier, researchers found that FAKEAV installed itself on a computer by displaying a message that the user's computer had been contaminated with malware, and subsequently persuading the user to click on the URL.

It has spread profusely because cyber criminals are using SEO techniques to determine which web pages are most visited so that they can embed their malicious links in them, said security researchers. Additionally, they are inserting FAKEAV into phony sponsored links that are displayed on search engines like AltaVista and Microsoft's Bing.

Finally, security specialists stated that bogus antivirus applications, which have long been creating immense problems, are currently growing even more.


» SPAMfighter News - 11/4/2009
