Fake Antivirus ‘DefenceLab’ Circulating on Net
Security experts at Sunbelt have discovered an online attack that uses a new social engineering trick to offer fake antivirus scanners that appear to come from Microsoft. The rogue anti-malware, named DefenceLab, diverts infected users to Microsoft's Support site.
It injects HTML code into the page displayed from Microsoft.com, so that the page appears to recommend that the visitor use DefenceLab.
Roger Thompson, Chief Research Officer of AVG, states that this particular social engineering tactic has been intelligently used by hackers to turn many people into victims, as reported by Avast!webforum on December 10, 2009.
The security experts state that although DefenceLab advertises itself as dependable security software, it is actually a fake AV product. The application claims that a large number of users browsing CNET's Download.com have installed it. The trick is to persuade end-users to acquire and install its 'trialware'.
DefenceLab then begins to advertise its supposed registered version. However, both DefenceLab's trialware and the registered version are fake and should be avoided, warn the experts.
Further, DefenceLab can also be downloaded through bogus multimedia codecs. The program cheats computer users by displaying bogus virus-scan results, bogus security notifications, and pop-up ads.
Windows users who are already infected by the scareware are persuaded to buy the full version of the supposed malware-cleaning software. People who access, from an uninfected computer, the URL on the Windows Support portal that the scareware mentions receive a 'page-not-found' (404) notice.
The strategy is based on a previous trick, which involved hijacking files on compromised computers so that the users' web activity could be intercepted. That earlier attack diverted Microsoft queries to a certain compromised PC located in the UK.
Thompson commented that the two tricks actually highlighted the miscreants' capacity to deceive. It was largely unexpected that they would modify HTML and manipulate Microsoft.com, wrote Thompson on AVG blogs dated December 10, 2009.
Thus, the experts recommend that users not fall victim to DefenceLab's trickery, but if they have already downloaded the program, they should get it cleaned with a dependable AV.
» SPAMfighter News - 22-12-2009