Another great article from Brian Krebs.
Fake Antivirus Industry Down, But Not Out
Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny by the industry from security experts and a host of international law enforcement officials. But it’s probably too soon to break out the bubbly: The inordinate profits that drive fake AV peddlers guarantee the market will soon rebound.
http://krebsonsecurity.com/2011/08/fake-antivirus-industry-down-but-not-out/
Graham Cluley
Thousands of Twitter users are finding that their accounts have been tweeting out malicious links without their permission, pointing to a fake anti-virus attack.
If you make the mistake of clicking on one of the malicious goo.gl links you are ultimately taken to a website which attempts to scare you into believing that you have a virus problem on your computer. You are then frightened into installing malicious code on your PC, and asked to pay money to disinfect your systems.
http://nakedsecurity.sophos.com/2011/01/20/fake-anti-virus-attack-twitter-via-goo-gl-links/
Malware that has already passed through various iterations.
Microsoft Malware Protection Center.
Initially it was “System Defragmenter”, then “Scan Disk” and now it’s called “Check Disk”. While the name will most certainly change again, the main goal of Trojan:Win32/FakeSysdef will surely remain the same: to trick you into buying a piece of software that does nothing except scare you with fake warnings, critical “errors” and other “problems”.
As the name suggests, this malware imitates a hard disk defragmenter. It will pretend to scan your computer for problems such as: it “checks” if your hard disk is working correctly, “defragments” it, and even checks the health status of your RAM and GPU (Graphic Processor Unit). Of course, once you start checking for problems using this ‘program’ it is going to “find” a bucketful of them:
* Bad sectors
* RAM fragmentation
* Registry errors
* Very high CPU/GPU temperature
* RAM failures
Story and screenshots:
http://blogs.technet.com/b/mmpc/archive/2010/12/01/fakesysdef-we-can-defragment-that-for-you-wholesale-diary-of-a-scamware.aspx
Rogue security products use false advertising, drop malware and often have a similar name or appearance to legitimate security software.
Scareware has already mimicked the Windows Security Center. This one mimics Microsoft Security Essentials and calls itself “Security Essentials 2010”.
Microsoft Malware Protection Center.
As we in the MMPC have always been quick to point out, Microsoft Security Essentials can be downloaded and used without charge by users running genuine Windows (from here: http://www.microsoft.com/security_essentials/). So anything mimicking Microsoft Security Essentials but asking for any sort of payment is clearly Up To No Good.
Screen-shots and more information at the MMPC Threat Research & Response Blog.
Microsoft detects the imposter as Trojan:Win32/Fakeinit. Encyclopedia here
http://certifiedbug.com/blog/category/scareware-rogues/