How good are you at identifying a genuine security product from an imposter that claims to offer protection? If you think you are good at it, then have a look at the images below.
[Legitimate McAfee site]
[Rogue Anti-Virus MaCatte site]
Recently we have seen the rapid growth of rogue anti-virus/spyware programs. This one is especially interesting. Why? Because it mimics McAfee’s security product. This rogue software displays the same user interface as McAfee Security Center. It also offers a web page that looks similar to McAfee’s legitimate site.
I suppose we should be flattered that malware authors have chosen our product as one worth imitating. Rogue anti-virus products have long mimicked Microsoft’s security apps in Windows XP (FakeAlert-XPSecCenter) and Windows Vista/Windows 7 (FakeAlert-EA).
The idea behind fake AV software is to trick unsuspecting users into thinking their machines are infected. The malware displays a window in which many innocent files are arbitrarily flagged as compromised. These fake security alerts are baseless; they exist to trick victims into pressing the panic button. In this case, agreeing to “Remove all threats now” leads to a prompt to purchase the MaCatte Antivirus 2009 product. The rogue software offers several “features”:
[MaCatte SecurityCenter image]
And that’s not all: MaCatte Antivirus 2009 will block currently installed or downloaded anti-virus software. It will redirect your browser to various misleading websites, including the rogue program’s homepage, www.macatte.com.
Once installed, MaCatte Antivirus will start automatically when you boot Windows. Then it will scan your computer and display numerous infections, but will not remove them until you first purchase the program.
Cleaning the “malicious” files comes at the rip-off price of $99. Leading legitimate anti-virus security products don’t come close to the cost of this imposter. I hope that’s an eye opener for you. Don’t become a victim.
Update: McAfee’s legal team contacted the domain registrars, who swiftly brought down the site to spare unsuspecting surfers from becoming victims of this imposter. Detection is available beginning with the 5793 DATs as FakeAlert-MaCatte.