New Malware using Fake Win7 AV Anti Virus Software Features

There is a new malware attack that tries to force a fake Microsoft Security Essentials clone on unsuspecting victims. It also creates fake browser warnings that look like the real thing. This malware was reported by the Microsoft Malware Protection Center on Sept 1st. Even experienced eyes find it hard to tell the difference, because the attack looks strikingly similar to the real thing.

First, as part of its social engineering, it detects the browser being used so that it can display the appropriate warning page. It currently contains warnings for IE, Firefox and Chrome. The faked warning page appears almost exactly the same as the real warning page. What gives it away is that the fake contains some misspelled words and urges the user to renew their virus protection via an update or upgrade. Once the user clicks the link, it sends them to the homepage to download the malware, Rogue:MSIL/Zeven. The homepage itself resembles the real Microsoft Security Essentials homepage and contains an actual link to the real Microsoft Malware Protection Center.

Once the malware is installed, it looks like a real anti-virus program called Win7 AV, with real anti-virus software features such as scans, updates and alerts for out-of-date definitions. It even has settings, but none of it works. It does what most fake anti-virus malware does: it "scans" and pretends to have detected a bunch of infections that must be removed immediately. The only problem is that it wants you to pay some money to upgrade to the full version. If the user falls for this trick and tries to purchase the full version, it pops up a window that claims to have strong encryption in "Safe Browsing Mode", which of course does nothing to secure credit card information.

This is a very cunning attack, but it is not new, and the user can avoid it by remembering a few details. The first thing to remember is that true browser warnings don't have links or messages asking users to download anything and will not contain misspelled words.
Another thing to remember is that Microsoft Security Essentials is completely free software, so it will not ask for money to update or upgrade anywhere in the program or on the web site.