
AntiSpyStorm: Fake Microsoft AntiSpyware Center pushing Adware!

Thursday, October 11, 2007 at 8:19am by Rahul Mohandas

Adware and spyware have long been the bane of computer users, probably even more than viruses. Most of the time, malware authors employ the age-old art of social engineering to trick less tech-savvy users into installing adware and spyware. Over time, they have come up with innovative methods to convince users to install so-called AntiSpyware programs.

This time, it’s a fake Microsoft AntiSpyware website that is promoting the rogue AntiSpyware application AntiSpyStorm. Avert has blogged earlier about rogue AntiSpyware applications like SystemDoctor, and we have probably classified several hundred of them, if not thousands. This threat appears to be a successor to the trojan FakeAlert-D.

AntiSpyStorm

This fake Microsoft AntiSpyware Center page purports to be an “Online Security Scanner” that scans the system for viruses and spyware. After the sham scan, the user is presented with a falsified list of Trojans and is then prompted to download and install an ActiveX control to remove the threats.

The infection starts when the unsuspecting user installs the alleged ActiveX control. The trojan hijacks the Internet Explorer homepage and shows fake alerts and exaggerated security threats, which push the user to install a trial version of the AntiSpyStorm product.

After installation, the product offers a free system scan for threats. The reports of this scan are exaggerated and contain false errors reported as actual threats. Once the user is scared into believing these threats are real, AntiSpyStorm offers the full version for download and tricks the victim into entering credit card details.

I have put together a short video which shows how an unsuspecting user could get infected.

The rogue Anti-Spyware is detected with the current DATS as Adware-AntiSpyStorm and the fake ActiveX control is detected as FakeAlert-T.


Comments (7)

  • Vin Caruso November 2, 2007 5:36PM

    Rahul: very nice and informative. I am one of the unlucky ones to get to level 2, but never id level 1. Had a problem about 6 months ago where it comes in piggybacked to an application. How do I get control back of my system?

    David M. Ward: Could you dispute the billing on your credit card.

  • BloodAngel88 October 29, 2007 12:31PM

    Hi Guys, I think the best way to prevent something like that from happening is to download antispyware software only from the Microsoft download center.^^

  • Sanjay October 17, 2007 6:53AM

    Hi Rahul:
    Good and informative write-up. It would be nice if you also provide some information on preventive measures (apart from buying McAfee :) ), as being asked by Ken also.

    -Sanjay

  • Sanjay October 17, 2007 6:50AM

    Hi Ken:
    There can be more than one fake site. I could get the following:
    1. vvindowsupdate.com (notice the double ‘v’ that together shape like w)
    2. maxing-search.com
    You can find more on the following blog:
    http://fergdawg.blogspot.com/2007/07/lets-be-careful-out-there-bogus-windows.html

    -Sanjay
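
A defensive check for the look-alike trick pointed out in the comment above, added here as an example and not part of the original post or its comments. The watch list, the extra character substitutions beyond "vv", the log format and the `.example` host are assumptions constructed for illustration.

```python
# Visual substitutions. "vv" -> "w" is the trick pointed out in the comment;
# the remaining pairs are common look-alikes added here as assumptions.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]

# Hypothetical watch list: brand keyword -> registrable domains allowed to use it.
PROTECTED = {
    "windowsupdate": {"windowsupdate.com"},
    "microsoft": {"microsoft.com"},
}
LEGITIMATE = set().union(*PROTECTED.values())

def skeleton(label):
    """Collapse look-alike sequences so visually similar labels compare equal."""
    s = label.lower()
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s

def registrable(host):
    """Last two labels. Simplification: real deployments should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(host):
    """Return the brand keyword that host imitates, or None."""
    if registrable(host) in LEGITIMATE:
        return None
    skels = [skeleton(label) for label in host.lower().rstrip(".").split(".")]
    return next((b for b in PROTECTED for s in skels if b in s), None)

def scan(dns_log):
    """Return (client, host, brand) for each suspicious query in 'client host' lines."""
    hits = []
    for line in dns_log.strip().splitlines():
        client, host = line.split()
        brand = lookalike_of(host)
        if brand:
            hits.append((client, host, brand))
    return hits

# Constructed sample DNS query log (client IP, queried name).
SAMPLE = """
10.0.4.17 vvindowsupdate.com
10.0.4.17 www.windowsupdate.com
10.0.4.22 maxing-search.com
10.0.4.31 download.micr0soft.example
"""
```

`scan(SAMPLE)` flags the first and last entries. The second domain from the comment, maxing-search.com, imitates no brand name, so a check like this does not catch it and it still needs an explicit blocklist entry.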

  • Ken McLeod October 16, 2007 8:03AM

    Be nice to know the URL of the fake site, so I can put a block in the school firewall.

  • David M. Ward October 13, 2007 8:39PM

    So, what do I do about this? They’ve taken my money, apparently now have my credit card#…what do I do?

  • carl October 11, 2007 10:00AM

    Why are the owners of these sites not arrested by the police?