|10 Nov 2010||#1|
MSRT Tackles Fake Microsoft Security Essentials
We've seen a few rogue security programs use elements of legitimate security software in order to try to make themselves appear more authentic. It was inevitable that Microsoft Security Essentials would be the target of this kind of mimicry. While some rogues have simply copied Security Essentials' name, others have gone further by imitating elements of the Security Essentials user interface. By far the most prevalent of these is Win32/FakePAV, which is this month's addition to the MSRT family list.
When FakePAV sees an attempt to run certain programs, it displays a fake Security Essentials alert dialog.
At first glance, there is very little that differentiates this from a real Security Essentials alert, beyond the bogus malware name ("Unknown Win32/Trojan"). You can close the window, but in a crude attempt to emulate the behavior of real-time malware blocking, FakePAV also terminates the program that it reports as a threat. This effectively means you can't run programs in FakePAV's kill list, including Internet Explorer and other common web browsers. This kind of technique has become extremely popular with rogues and serves the dual purpose of making the claims of infection more convincing and making the machine harder to use without registering the rogue.
Predictably, FakePAV's behavior differs greatly from Security Essentials' when you ask it to clean what it has found. FakePAV claims that it can't remove the threat and prompts you to "scan online".
It then pretends to scan the file again. Earlier variants of FakePAV would display bogus results from a list of anti-virus scanners, including legitimate ones, but invariably only five fictional scanners were reported to actually detect the threat:
MSRT Tackles Fake Microsoft Security Essentials - Microsoft Malware Protection Center - Site Home - TechNet Blogs