Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Fake Anti-virus Polish Sales Skills of Cyber Criminals

As per the news published by ITPRO on August 27, 2010, cyber criminals have made an attempt to trick users into downloading rogue anti-virus software with the help of a fake comparison service.

Sunbelt Software has spotted a Trojan offering a range of fake security products rather than just one as typical with such attacks. In fact, it imitates the concept of VirusTotal - a website that enables the user to see how 40 legal and lawful security enterprises identify a sample of malicious code submitted by the user.

The Trojan copies itself into a number of folders with different names. After a period of 5 to 15 minutes, the Trojan displays a fake alert pop-up window.

This particular Trojan opens a window displaying the heading "Microsoft Security Essentials Alert." Along with the heading, four buttons come up to choose from, all of which direct to a website providing a comparison service between different products.

Once the user clicks on any of the four buttons on the screen "Potential threat details", it directs the user to a website which displays how varied anti-malware solutions allegedly detect the malware that is (not really) on user's system. It involves a long list of legal ones that failed to find infection on user's computer.

Only four of the products (all of which were bogus) managed to detect the malicious files and also claim that they are free. The fake products included Pest Detector 4.1, Red Cross Antivirus, Major Defense Kit and Peak Protection 2010.

Kelchner, Sunbelt Software spokesperson, states that the drill is known. Even though the installs are 'free', they pop up scary warnings that the system is infected, but these don't remove the threats until one pays, as per the news published on ITPRO on August 27, 2010.

The rogues install themselves in the form of tmp.exe in %local_settings%\Temp and run and antispy.exe. VIPRE detects them as Trojan.Win32.Generic.pak! cobra.

The security experts have alerted that the install reboots the victim's system, kills Window Explorer (displayed on screen) and leaves no icon on the victim's desktop. With the application of Task Manager, it is possible to launch Explorer and restore the icons to the desktop.

Related article: Fake Spam Mail Announces Australian PM’s Heart Attack

» SPAMfighter News - 9/2/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page