Scareware Locks Apps on Infected PCs

USA Today is reporting on a new variant of scareware that not only inundates users with exhortations to purchase phony antivirus software called “Total Security 2009,” but that also locks users out of nearly all applications until they purchase the disreputable product. Once their PCs are infected with the malware, the only program users can open is Internet Explorer, so they can navigate to the site and make a purchase.

From the article:

It looks similar to the fear-based promos for Virus Remover 2009, SpywareGuard 2008, XP AntiVirus and other worthless security products, triggering fake scans showing your PC to be riddled with viruses. But it goes a step further by locking out access to all other applications. When you click on any other application a text balloon appears above the clock in the lower left corner of your desktop. You then get steered back to pitches to buy Total Security 2009.

Your machine is now unusable. You won’t be able to open Microsoft Office, your favorite online game, or even your antivirus clean up tools. The only thing you can open is Internet Explorer – so you can navigate to the Total Virus 2009 shopping cart page. There you can use Visa or MasterCard to pay $79.95 for a standard version. You may also opt to spend another $19.95 to purchase “premium” tech support services. Once the payment clears, you receive a serial number to activate TotalVirus. You can then open your other applications.

Read the full story [usatoday.com]

Discussion

  • Brian of lifeofit.com on

    http://lifeofit.com/blog/?p=93

    Sean-Paul Correll of PandaLabs (http://pandalabs.pandasecurity.com/) writes in his post about a certain piece of adware called TotalSecurity2009.

    When attempting to open a file, a message pops up in the notification area claiming that the application was blocked due to infection.  The pop up recommends activating the “antivirus” software, which costs $79.95.

    What I don’t agree with is the approach PandaSecurity decided to take with this piece of ransomware. Instead of advising users on a proper cleanup procedure, they suggest registering this software using the serial numbers PandaSecurity has gleaned from the malware itself.

  • Anonymous on

    The idiot(s) who created this malware didn't think it out completely. One can clean up from this malware quite easily as long as the user has not panicked and begun clicking to close the dialog boxes.

  • Tom Ledbetter on

    I recently got hit with the XP Antivirus Scareware and my concern is why Kaspersky Internet Security did not catch it.  I boast constantly to folks about this fantastic protection and then I got hit pretty darned hard.  Had to re-associate my EXE files so I could run Malwarebytes which seems to be the only thing to get rid of these apps.  We need something to block them.  Too bad really that the software I paid for is not catching this.  Hopefully BLADE will do the trick so long as it does not conflict with KIS.
