Small Business Technology Blog

Monday, March 8, 2010

4 of the 5 biggest internet virus threats right now are fake anti-virus programs!

Believe it or not, 4 of the current "top 5" biggest internet virus threats are disguising themselves as anti-virus programs! How unfair!

Be careful of the following fake anti-virus programs:

  • XP Internet Security 2010
  • Antivirus Soft
  • Anti Vir
  • Security Essentials 2010

Now these are their virus names, but they could show up as any other variant of "real-looking" anti-virus on your computer.

They are all new rogues that are exactly the same program, shown under different names and interfaces depending on the version of Windows it is run on. After I wrote this guide, I was told that they could also appear as any of the following:
  • Antivirus Vista 2010
  • Vista Antispyware 2010
  • Vista Guardian
  • Vista Antivirus Pro
  • Vista Internet Security
  • Vista Internet Security 2010
  • XP Guardian
  • XP Antivirus Pro
  • XP AntiSpyware 2010
  • XP Internet Security
  • XP Internet Security 2010
  • Antivirus XP 2010
  • Antivirus Win 7 2010
  • Win7 Guardian
  • Win 7 Antivirus Pro
  • Win 7 Antispyware 2010
  • Win 7 Internet Security
  • Win 7 Internet Security 2010

When installed, this rogue pretends to be an update for Windows installed via Automatic Updates. It will then install itself as a single executable called AV.exe that uses very aggressive techniques to make it so that you cannot remove it.

First, it makes it so that if you launch any executable it instead launches Antivirus Vista 2010, Win 7 Antispyware 2010, or XP Internet Security 2010.

If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine what executables it wants to allow you to run in order to protect itself.

It will also modify certain keys so that when you launch Firefox or Internet Explorer it will launch the rogue instead and display a fake firewall warning. Last, but not least, when you try to browse to a web site, it will hijack your browser, state that the site is a security risk, and not allow you to visit it.

If it wasn't such a malicious beast I would have to give it at least a little respect for being so brilliant in its execution!

If you've managed to stumble across this nasty little beast (likely you can't get to this website to find out!), there are removal instructions online.

As always, the best defence is a good offence: keep your anti-virus up to date and surf safely.

All the best from The Technology Coach!
