Microsoft - Malware Authors Writing Rogue AV More Advanced Now

Infosecurity-magazine.com reported on 21st August, 2014, quoting software giant Microsoft as saying, "Rogue anti-virus authors are now using browser-based strategies in a new attempt to infect users and improve their success rates."

Infosecurity-magazine.com reported on 21st August, 2014, quoting a recent explanation by Daniel Chipiristeanu, a researcher at the Microsoft Malware Protection Center (MMPC): "in the past rogue AV would use the hosts file to block access to the genuine security software of victim making it unable to protect against the malware."

He said that a new variant, Rogue:Win32/Defru, will now totally block access to the Internet.

Ibtimes.co.uk published a statement by Chipiristeanu on 21st August, 2014, saying "When the user is surfing the Net, the rogue will employ the hosts file to redirect links to a notorious specific bogus website which is frequently used in social engineering by fake AV malware."

Chipiristeanu said that the rogue is written in PHP and persists across machine reboots by adding itself to the registry key.

Luckily, it isn't complicated to eradicate the malware from an infected device: users must remove the entry value from the "Run" registry key, delete the executable file from the disk, and remove the added entries from the "hosts" file.
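The hosts-file part of that cleanup, as an added example (not code from Microsoft or from the original article): a Python check that lists hosts-file entries mapping several names to one non-loopback address, which is the redirection pattern Chipiristeanu describes. The sample file content, the `min_names` threshold and every name and address in it are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts-file content (not taken from a real infection).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # sinkhole entry, blocks only
203.0.113.10    www.search.example www.mail.example
203.0.113.10    social.example  # trailing comment
203.0.113.10    video.example
192.168.1.20    intranet.corp.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address, not a mapping
        for name in fields[1:]:                 # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_redirects(text, min_names=3):
    """Return {ip: [(line_no, hostname), ...]} for addresses many names point to.

    Loopback and unspecified addresses are skipped: they block a name rather
    than send the browser to another site. min_names is an assumed threshold.
    """
    by_ip = defaultdict(list)
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append((line_no, name))
    return {ip: hits for ip, hits in by_ip.items() if len(hits) >= min_names}

if __name__ == "__main__":
    for ip, hits in suspicious_redirects(SAMPLE_HOSTS).items():
        print(f"{ip} receives {len(hits)} redirected names:")
        for line_no, name in hits:
            print(f"  line {line_no}: {name}")
```

On a Windows machine the text to check is the content of `%SystemRoot%\System32\drivers\etc\hosts`; the reported line numbers point at the entries to review and remove.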

At present, most machines infected by Defru, as indicated by language, seem to be in Russia.

Moreover, payment for the product can be made by credit card at Payeer.com, a payment service based in Russia that also handles currency exchange operations.

It has also infected machines in other nations: the United States comes a distant second, followed by Kazakhstan in third. The remaining infections are mainly in Middle Eastern and Eastern European states, with minor infections in Western Europe as well.

Securityweek.com reported on 21st August, 2014 quoting Jayce Nichols, Chief of Threat Analysis and Innovation at iSIGHT Partners as saying "we have been monitoring fake anti-virus for a prolonged time period now and it's been a preferred tool by the cyber criminals as users can be tricked effortlessly into either paying for a phony subscription or downloading malicious software while being presented as it looks like a genuine anti-virus alert."

» SPAMfighter News - 8/29/2014
