Beware: malware version of Microsoft Security Essentials in the wild
A new and exceedingly evil piece of malware that very cleverly imitates Microsoft Security Essentials (MSE) has emerged. It goes by the designation Win32/FakePAV -- and if you haven't recently updated your virus and malware definitions, do it now.
Screenshots on the Malware Protection Center website show this piece of malware to be depressingly good -- it really does imitate MSE very well. It probably wouldn't catch out power users (what does?), but it's easy to see how your friends and family might be fooled by this dastardly rogue.
As always, the attack vector is drive-by download, where an infected website sends you the malware executable. The first thing it does is load itself into the registry, then it terminates a huge list of processes, and finally it starts popping up MSE-lookalike dialogue boxes that warn you of infection. Of course, it also watches for any programs you try to start -- if it doesn't like them, it pops up a warning box to tell you that program is infected.
The best bit -- and you really need to look at the screenshots (scroll down) to appreciate this -- is that it tries to get you to buy a slew of other "anti-virus" packages with names like Red Cross Antivirus, Peak Protection 2010 and Pest Detector. Each of these fake apps has a splash screen and even a unique logo!
Remember, as technology improves, the nefarious capabilities of malware authors will also blossom. The only real solution is to stay one step ahead -- and the best way you can do that is to practice safe browsing and keep your virus and malware software up-to-date.
Comments (12)
Lee Mathews, Oct 26th 2010 6:52AM
The most horrible thing about this:
It offers you McAfee.
Sebastian Anthony, Oct 26th 2010 6:55AM
Maybe... maybe McAfee ARE BEHIND THIS APP!
bkj216, Oct 26th 2010 7:50AM
This is just sickening. Why do people do this?
SeanBest, Oct 26th 2010 7:57AM
Seen TONS of this lately.
Sanskrit, Oct 26th 2010 8:39AM
You know, the fake ones would be a tiny bit more believable if they all didn't use the same damn slogan. How hard would it be to say "The Top Security Choice" or fake an award?
timmy, Oct 26th 2010 9:59AM
I got this fake MSE popup just by reading an article on msnbc.com, and I was running Norton real-time AV + firewall + using Chrome with the latest updates. I closed the dialog but it had already dropped 2 .exe's on my machine and modified my registry. Luckily I already had Malwarebytes installed, but it took all day to remove this. I'm guessing it's a poisoned ad using a Flash or Java vulnerability. I'm not taking any more chances; I'm now running Ad Block Plus, NoScript, Force-TLS, and have disabled Flash and Java.
Paul, Oct 26th 2010 12:11PM
AdBlock Plus, NoScript, Force-TLS, disabled Flash & Java.
Wow, you've got your tinfoil hat on mighty tight, don't ya? That's an awful lot of work for msnbc.com (which probably looks pretty silly without Flash/Java).
But more seriously... I've been seeing this A LOT at work; I've been really surprised by it because it seems to have popped up out of nowhere (for our network, anyway).
Ryan Adams, Oct 26th 2010 12:43PM
To prevent this sort of thing, why don't AV vendors include some sort of customizable "pass-phrase" into their products? For example, when you install MSE, you should be asked to enter in a unique sentence, which is encrypted (and only decryptable by MSE). This phrase would then appear in every legitimate MSE Window displayed. Viruses that imitate MSE could look identical, but they would never show the right "phrase".
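The pass-phrase idea in the comment above, written out as an added example (it is not code from the post, from any commenter, or from MSE or any other AV product). The user picks a phrase at install time; the product seals it under a secret only the product holds, and every genuine alert decrypts and shows it. A lookalike that copies the window layout but lacks the secret cannot produce the phrase. Everything here is an assumption for illustration: `PRODUCT_SECRET` is a constant, the cipher is HMAC-SHA256 used as a PRF in counter mode with an encrypt-then-MAC tag, and the function names are hypothetical. The caveat the design hinges on is also visible in the code: the scheme only helps if a rogue running as the same user cannot read the secret, so a real product would have to keep it in a separately protected process or account rather than a file the user's own processes can open.

```python
import hashlib
import hmac
import os
from typing import Optional

# Hypothetical product secret. A constant here for demonstration only; in a real
# product it would have to live where a process running as the same user cannot
# read it, or the rogue simply decrypts the phrase and shows it too.
PRODUCT_SECRET = b"demo-product-secret-not-real"

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32


def _derive_key(secret: bytes, salt: bytes) -> bytes:
    # 32 bytes: first half encrypts, second half authenticates.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode; each block is HMAC(key, nonce || counter).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def seal_phrase(phrase: str, secret: bytes = PRODUCT_SECRET) -> bytes:
    """Seal the user's phrase at enrolment: salt || nonce || ciphertext || tag."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    key = _derive_key(secret, salt)
    enc_key, mac_key = key[:16], key[16:]
    plaintext = phrase.encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    return salt + nonce + ciphertext + tag


def open_phrase(blob: bytes, secret: bytes = PRODUCT_SECRET) -> Optional[str]:
    """Return the phrase, or None if the blob was not sealed under this secret or was altered."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    key = _derive_key(secret, salt)
    enc_key, mac_key = key[:16], key[16:]
    expected = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong secret or tampered blob: refuse rather than show garbage
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return plaintext.decode("utf-8")


def render_alert(title: str, body: str, sealed: bytes, secret: bytes) -> str:
    """Build an alert window's text. The personal phrase line appears only when the
    caller holds the secret the phrase was sealed under."""
    phrase = open_phrase(sealed, secret)
    line = f"Your phrase: {phrase}" if phrase is not None else "Your phrase: <unavailable>"
    return f"[{title}]\n{line}\n{body}"


if __name__ == "__main__":
    # Enrolment: the user's phrase is sealed once and stored. Sample phrase is constructed.
    stored = seal_phrase("purple elephants at noon")
    # Genuine product has the secret; the lookalike does not.
    print(render_alert("Security Essentials", "Threat detected", stored, PRODUCT_SECRET))
    print(render_alert("Security Essentials", "Threat detected", stored, b"attacker-guess"))
```

The lookalike's window renders with `<unavailable>` where the phrase should be, which is the cue the comment is after. The tag check runs before decryption so a blob swapped in by a rogue, or one sealed under a different secret, is rejected outright instead of yielding a plausible-looking wrong phrase.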
ShadowFox, Oct 26th 2010 1:52PM
With my unfortunate experience with TrendMicro, I've found they actually do have this type of password system in place.
Mike Zachaczewski, Oct 26th 2010 5:44PM
"and the best way you can do that is to practice safe browsing and keep your virus and malware software up-to-date" Agreed. Unless reinstalling an OS is a habit.
Dan, Oct 27th 2010 6:28PM
I got hit with this from the MSNBC site today also. It appears it used Flash and a Java update to load (lesson learned: disallow any updates that appear when you are surfing, no matter how trusted the site, unless you are on the site of the originator of the update, i.e. Microsoft, Adobe, etc.). I ran AVG antivirus (wasn't running at the time) and removed three viruses/trojans, reset IE to default, removed and reinstalled Java, and ran AVG registry repair. Seems to be OK at the moment.
Anne, Nov 1st 2010 12:37PM
I have been getting this for over a month every time I access the msnbc site. Do you know of any way to contact msnbc so that they can 'clean' the site? I miss being able to access their site, especially with the elections so close!