fake antivirus

A New Spin on Rogue Antivirus

Rogue antivirus malware is on the decline, but a new, simpler version of that threat that simply redirects users to the site of a fake malware protection service has been infecting users around the world.

A piece of fake anti-virus scareware, Antivirus 8, has been
infecting computers via ICQ in recent days according
to Roel Schouwenberg at Securelist.
What makes this fake antivirus popup intriguing is that it appears infecting
users who are not actively using their computer.

We know a lot about the effects of malicious programs like rootkits and Trojan downloaders. The job of finding out exactly how the programs work, however, is painstaking. That’s because most malware authors worth their salt take steps to make their creations hard to understand. Code obfuscation and anti-debugging are common features of most sophisticated, modern malware. With patience and endurance, however, researchers are often able to pierce the veil, anyway.

Microsoft is warning of a new type of scareware,
dubbed Rogue:MSIL/Zeven, which identifies a user’s browser–whether it’s
Google Chrome, Internet Explorer or Firefox–and serves up a nearly
perfect-looking version of the browser’s malware warning page. Read the full article. [Information Week]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.