Fake Anti-Virus Programs

Our researchers at MTR Services have discovered a new set of rogue anti-virus software circulating on the internet. Based on initial analysis, these threats arrive mainly via spammed email messages and are also circulating in instant messaging applications and private messages in social networking Web sites.

Don’t be fooled! These types of fake antivirus alerts come with a variety of names such as Antivirus 2009, Antivirus 2010, Personal Security, Antivirus Pro 2010, Antivirus Home 2010, etc.

If a warning pops up on your computer similar to any of the examples below, right-click on the menu bar on the lower part of your screen, click ‘Start Task Manager’, go to the Processes tab, and end the process for the popup. You can also disconnect from the internet or reboot your computer immediately to prevent the virus from installing on your computer. If you don’t know how this is done, you can call us at 281.222.9992 and we can help.

Once the URL link is clicked (often disguised as the red X close icon in the top right corner of the popup), the Web threat infection chain begins and ultimately leads to the download of a Trojan detected as TROJ_FAKEAV.CX. This Trojan is a rogue antivirus that displays very convincing (and for some, alarming) messages, such as the following:

Note that since users are only using the “trial version,” TROJ_FAKEAV.CX even convinces users to buy the full version so that they are always supposedly protected:

TROJ_FAKEAV.CX also drops another malware, detected as TROJ_RENOS.ACG. RENOS Trojans are known to have very visual payloads that may further alarm users — for example, they modify the system’s wallpaper and screensaver settings to display BSOD (Blue Screen of Death/Doom). Thus, users may be more convinced that something’s wrong with their system, not knowing that their new software is the one causing it.

Rogue antispyware isn’t entirely new, although our researchers have been seeing an increase in activity for the past couple of months. Perhaps it’s because this is also the time of the year when the more legitimate security suites are releasing their latest software updates, and cyber criminals are riding on this season to ramp up their profits.
