New Fake AV Scam

Franklin · Aug 23, 2010

After executing the exploit nothing seems to happen till you try to open your browser or Task Manager then a fake Microsoft Security Essentials Alert pops up stating you are infected.

On hitting Clean Computer then Scan Online another fake scan dialogue comes up where you have a choice of five different rogue AV's to choose from to download which are nearly all the same with different skins.

antispy.exe - 1 /42 (2.4%) - 2010-08-24

CloneRanger · Aug 23, 2010

Nice of them to offer a choice What will they think of next

wat0114 · Aug 23, 2010

CloneRanger said:

Nice of them to offer a choice What will they think of next
Click to expand...

Just as hilarious, note the ones with "Scan result" found trojan or rootkit and are Free install no name brand programs

subratam · Aug 23, 2010

Hey Franklin,

could you kindly zip and mail the rogue file "password-infected" to subratam AT subratam DOT com

thanks,
Sub

siljaline · Aug 28, 2010

You will find a complete removal guide for this new rogue here prior to proceeding you should request the assistance of a security expert at said Forum.

Adding thread from ESET Forum to tie these two together for continuity.

Thanks.

SweX · Aug 24, 2010

HAHA Red Cross Antivirus

subratam · Aug 29, 2010

A detailed analysis and further research on the rogue http://blog.emsisoft.com/2010/08/29/security-essentials-not/

wearetheborg · Aug 29, 2010

subratam said:

A detailed analysis and further research on the rogue http://blog.emsisoft.com/2010/08/29/security-essentials-not/
Click to expand...

I dont get it..if this is malware then whats the point of getting the user to download another malware? Why cant the original malware do the bad stuff itself?

subratam · Aug 29, 2010

Of many possible reasons one can be to increase the impression of "genuineness" . The whole process when happens "through" the user ( even though it has loopholes), makes the process "believable" to download something intentionally. Rather than something suddenly they see in their system without prior knowledge. Think social engineering.

wearetheborg · Aug 29, 2010

subratam said:

Of many possible reasons one can be to increase the impression of "genuineness" . The whole process when happens "through" the user ( even though it has loopholes), makes the process "believable" to download something intentionally. Rather than something suddenly they see in their system without prior knowledge. Think social engineering.
Click to expand...

Interesting!! Thanks!

elapsed · Aug 29, 2010

Don't Microsoft now technically have a reason to use the law against these guys? Copyright/patent issues etc, they've copied the name directly.

siljaline · Aug 29, 2010

It's nice to see Emsi Blogging Rogues and such, Sub, though I think we've got things covered, unless I'm missing something

subratam said:

A detailed analysis and further research on the rogue http://blog.emsisoft.com/2010/08/29/security-essentials-not/
Click to expand...

CiX · Aug 30, 2010

elapsed said:

Don't Microsoft now technically have a reason to use the law against these guys? Copyright/patent issues etc, they've copied the name directly.
Click to expand...

and MSE GUI

MrBrian · Sep 1, 2010

From Rogue:MSIL/Zeven wants a piece of the Microsoft Security Essentials pie:

A new rogue has started making its appearance from compromised websites: Rogue:MSIL/Zeven. We received a sample (70be8ca73142922fd78acf2aafa9f141a977f15a) and a URL and began our investigation.

Let us say from the beginning that the guys behind this rogue like to copy big-time. They start by auto-detecting what browser the user is currently using, and then faking the malware warning page if the browser is Internet Explorer, Chrome, or Firefox. This is meant to be a social engineering scheme in order to trick the user into downloading and installing the rogue, relying on the user’s trust of his day-to-day browser.

The similarity between the fake warning pages is so accurate that it can trick even highly trained eyes.
Click to expand...

andyman35 · Sep 2, 2010

The ingenuity of these malware guys is boundless

Log in or Sign up

New Fake AV Scam

Franklin Registered Member

CloneRanger Registered Member

wat0114 Guest

subratam Registered Member

siljaline Registered Member

SweX Registered Member

subratam Registered Member

wearetheborg Registered Member

subratam Registered Member

wearetheborg Registered Member

elapsed Registered Member

siljaline Registered Member

CiX Registered Member

MrBrian Registered Member

andyman35 Registered Member

Log in or Sign up

New Fake AV Scam

Franklin Registered Member

CloneRanger Registered Member

wat0114 Guest

subratam Registered Member

siljaline Registered Member

SweX Registered Member

subratam Registered Member

wearetheborg Registered Member

subratam Registered Member

wearetheborg Registered Member

elapsed Registered Member

siljaline Registered Member

CiX Registered Member

MrBrian Registered Member

andyman35 Registered Member

Useful Searches