Fake Anti-virus Polish Sales Skills of Cyber Criminals

As per the news published by ITPRO on August 27, 2010, cyber criminals have made an attempt to trick users into downloading rogue anti-virus software with the help of a fake comparison service.

Sunbelt Software has spotted a Trojan offering a range of fake security products rather than just one as typical with such attacks. In fact, it imitates the concept of VirusTotal - a website that enables the user to see how 40 legal and lawful security enterprises identify a sample of malicious code submitted by the user.

The Trojan copies itself into a number of folders with different names. After a period of 5 to 15 minutes, the Trojan displays a fake alert pop-up window.

This particular Trojan opens a window displaying the heading "Microsoft Security Essentials Alert." Along with the heading, four buttons come up to choose from, all of which direct to a website providing a comparison service between different products.

Once the user clicks on any of the four buttons on the screen "Potential threat details", it directs the user to a website which displays how varied anti-malware solutions allegedly detect the malware that is (not really) on user's system. It involves a long list of legal ones that failed to find infection on user's computer.

Only four of the products (all of which were bogus) managed to detect the malicious files and also claim that they are free. The fake products included Pest Detector 4.1, Red Cross Antivirus, Major Defense Kit and Peak Protection 2010.

Kelchner, Sunbelt Software spokesperson, states that the drill is known. Even though the installs are 'free', they pop up scary warnings that the system is infected, but these don't remove the threats until one pays, as per the news published on ITPRO on August 27, 2010.

The rogues install themselves in the form of tmp.exe in %local_settings%\Temp and run and antispy.exe. VIPRE detects them as Trojan.Win32.Generic.pak! cobra.

The security experts have alerted that the install reboots the victim's system, kills Window Explorer (displayed on screen) and leaves no icon on the victim's desktop. With the application of Task Manager, it is possible to launch Explorer and restore the icons to the desktop.

Related article: Fake Spam Mail Announces Australian PM’s Heart Attack

» SPAMfighter News - 9/2/2010