Fake Windows “Antivirus” Code affecting many

By Koushik Saha on 23.11.08


Even with Windows 7 in the pre-Beta stage, Microsoft is emphasizing the need for end users to run security software with the operating system, indicating that it is working with members of the industry in order to have the first antivirus products tailored for the Windows client as early as the Beta development milestone. The fact is that the need to install security solutions applies to all Windows operating systems, not just Windows 7, but at the same time, there are some antivirus products that users need to steer clear of. Just in November, Microsoft contributed to removing malicious code posing as Windows antivirus solutions from approximately 1 million computers worldwide.

Products including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus and Ultra Antivirus 2009 have a lot in common with each other, but nothing whatsoever in common with genuine security products. Fake security software has grown to the size of a veritable plague, consistently degrading the usability of infected PCs in order to blackmail users into paying for the removal of incessantly nagging notifications.

Rogue security “software tells you that your system is crawling with bad stuff (for free!) and then offers to remove it for you (that’ll cost you). Of course the stuff they report is completely bogus; they are incapable of finding any real malware. What’s more they can be very insistent, repeatedly displaying popup warnings that make it virtually impossible to use your machine unless you pay to 'register' the program,” revealed Microsoft's Hamish O'Dea.

Scareware products including Micro AV, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus, Ultimate Antivirus 2008, Windows Antivirus 2008, XPert Antivirus, Power Antivirus and others are identified by Microsoft as members of the Win32/FakeSecSen family.

The modus operandi is always the same. Whether it is installed on the user's machine or simply encountered when accessing a webpage, Win32/FakeSecSen performs a fake scan of the PC for free and reports nonexistent problems, ranging from malware infections to privacy concerns. However, once the list of bogus malicious code infections has been produced and delivered to the end user, the supposed fix is only made available for a fee. Paying for the rogue security software only results in the product removing threats that did not exist in the first place.

“An interesting, but not unusual, characteristic of Win32/FakeSecSen is that it uses many different disguises. As well as further contributing to the level of FUD and making them harder to keep track of, this might broaden their appeal to a wider audience – while one person may be convinced by something called “Ultimate Antivirus”, another would be more likely to install 'Vista Antivirus 2008'. It may even lead to the same person being duped by the same rogue more than once,” O'Dea explained.

Source: softpedia.com
