Trojan Imitates MS Security Essentials Warning, Distributes Bogus AV
According to Help Net Security, which published the news on August 23, 2010, researchers have detected a Trojan that mimics an alert from Microsoft Security Essentials (MSE) in an attempt to make users believe that there is malware on their computers that can be removed only by purchasing one of the five anti-virus applications it offers.
The bogus MSE warning touts a free anti-virus brand similar to Microsoft's and features user interface components and style elements, such as the icon.
The bogus warning dialog box states that the user's PC has been found infected with a Trojan. It then lists this Trojan, calling it Unknown Win32/Trojan, and says that it must be cleaned with one of the five anti-malware programs provided, namely Red Cross Antivirus, Pest Detector 4.1, Peak Protection 2010, AntiSpy Safeguard and Major Defense Kit.
In reality, these five phony security programs are identical in nature, although they are named differently and have different user interfaces. Installing any one of them causes the computer to reboot, after which the program becomes active automatically and pretends to perform a scan.
The outcome is the same every time: the program reports that there is plenty of malware on the computer and that, although the bogus AV has removed some of it, numerous other contaminated files remain, which only the complete (paid) edition is capable of eliminating.
At the same time, the bogus MSE warning disables several applications, such as Internet Explorer, alleging that malware has infected them. In fact there is no such infection, and the bogus MSE alert is not just totally worthless but destructive too.
Commenting on this, security researchers stated that the attackers were clearly trying to lend a legitimate touch to their bogus AV programs. The best tactic available to them was to simulate the look and feel of an authentic security solution as closely as possible. In the current instance, the attackers were copying Microsoft Security Essentials.
Hence, the researchers caution users not to trust any of these alerts, as they are not valid. Users should ignore them entirely and pay nothing whatsoever for any bogus anti-virus solution that the fake MSE alert may present.
» SPAMfighter News - 30-08-2010