Courtesy of Microsoft and their Security Intelligence Report

Dec 19, 2009 11:17 GMT  ·  By

This year alone they will be responsible for infecting in excess of 25 million computers worldwide, but they could come close to compromising as much as 30 million machines.

At the root of this epidemic lay simple social engineering tactics designed, through various methods, to convince victims to pay for peace of mind. Responsible for the actual infections are pieces of malicious code that the software industry refers to under a variety of monikers, including rogue antivirus, fake antivirus, scareware, etc.

Microsoft has put together a list containing no less than 114 AV rogues which are detected by the company’s antivirus products, including Microsoft Security Essentials, Forefront Client Security, etc. It is important to note that the list contains only the official label provided by the software giant. Each of the items featured below come in a variety of packages and under a plethora of brands, which actually makes the number of fake antivirus in the wild much larger.

Users that have doubts related to a security solution that is being aggressively advertised to them should first check to make sure that the offering is indeed genuine. Microsoft, but also additional members of the security industry, constantly update information on threats posed to end users, including rogue antivirus, and publish it on websites that are available to the public. These details are available to the public, and are essentially no more than a search away, at any given time.

Modus Operandi

“Rogue security software—software that displays false or misleading alerts about infections or vulnerabilities on the victim’s computer and offers to fix the supposed problems for a price—has become one of the most common methods that attackers use to swindle money from victims. These are programs that masquerade as legitimate security programs offering protection from malware, spyware, and other threats, but actually use social engineering to obtain money from victims, and offer poor or nonexistent protection,” the Redmond company reveals in SIRv7.

Fake antivirus will take it upon itself to run a scan of computers belonging to unsuspecting users. Of course that the scan itself and the results offered are both fake. Rogue AV doesn’t actually analyze machines, nor is it capable of detecting any malware, or to remove it. It’s all smoke and mirrors, a show put on to trick users into thinking that their computers is infected with malicious code.

Once installed on a Windows PC, fake antivirus programs will attempt to scare the user into believing that various infections were detected. Rogue security solutions are designed to look very similar to genuine AV products, often copying at least elements of the graphical user interface, if not the whole UI, as well as using brands and labels mimicking, or even plagiarizing valid security offerings.

And integral part of the social engineering tactics deployed is to convince the user that the rogue AV is a genuine security solution, when in fact, much to the contrary, it is only masquerading as such. The fake AV will bombard users with alerts, and annoying, repetitive, incessant notifications, reporting inexistent infections.

At the same time, the rogue AV advertises the possibility of removing the fake infections, provided that users buy the software. Once a license is acquired, the fake AV ceases from delivering fake reports, creating the illusion that whatever malware had compromised the computer, was removed. Obviously, in this scenario, the users have been scammed into paying for protection against an inexistent threat.

114 Windows “antivirus” to avoid at all costs

1. Win32/FakeXPA – Aliases: Win-Trojan/Downloader.56320.M (AhnLab), Win32/Adware.XPAntivirus (ESET), not-a-virus:Downloader.Win32XpAntivirus.b (Kaspersky), FakeAlert-AB.dldr (McAfee), W32/DLoader.FKAI (Norman), Mal/Generic-A (Sophos), XPAntivirus (Sunbelt Software), Downloader.MisleadApp (Symantec), XP Antivirus (other), Antivirus 2009 (other), Antivirus 2010 (other), Antivirus 360 (other), Total Security (other), AntivirusBEST (other), GreenAV (other), Alpha Antivirus, other), AlphaAV (other), Cyber Security (other), Cyber Protection Center (other), Nortel (other), Eco AntiVirus (other), MaCatte (other), Antivirus (other), Antivir (other), Personal Security (other).

2. Trojan:Win32/FakePowav– Aliases: Win Antivirus 2008 (other), SpyShredder (other), WinXProtector (other), Rapid Antivirus (other), Security 2009 (other), Power Antivirus 2009 (other), WinXDefender (other), SpyProtector (other), SpyGuarder (other), MSAntiMalware (other).

3. Program:Win32/MalwareBurn

4. Program:Win32/UnSpyPc

5. Program:Win32/DriveCleaner – Aliases: DriveCleaner (McAfee), W32/WinFixer.NU (Norman), DriveCleaner (Sunbelt Software), DriveCleaner (Symantec), Freeloa.8F4CBEAA (Trend Micro).

6. Trojan:Win32/DocrorTrojan

7. Program:Win32/Winfixer – Aliases: DriveCleaner (McAfee), W32/WinFixer.NU (Norman), DriveCleaner (Sunbelt Software), DriveCleaner (Symantec), Freeloa.8F4CBEAA (Trend Micro), Win32/Adware.WinFixer (ESET), not-a-virus:Downloader.Win32.WinFixer.o (Kaspersky), WinFixer (McAfee), Adware_Winfixer (Trend Micro), Program:Win32/DriveCleaner (other), Program:Win32/SecureExpertCleaner (other).

8. Trojan:Win32/FakeScanti – Aliases: Windows Antivirus Pro (other), Windows Police Pro (other), Win32/WindowsAntivirusPro.F (CA), FakeAlert-GA.dll (McAfee), Adware/WindowsAntivirusPro (Panda), Trojan.Fakeavalert (Symantec).

9. Program:Win32/Cleanator

10. Program:Win32/MalwareCrush

11. Program:Win32/PrivacyChampion

12. Program:Win32/SystemLiveProtect

13. Win32/Yektel

14. Trojan:Win32/FakeSmoke – Aliases: SystemCop (other), QuickHealCleaner (other), TrustWarrior (other); SaveArmor (other), SecureVeteran (other), SecuritySoldier (other), SafeFighter (other), TrustSoldier (other), TrustFighter (other), SoftCop (other), TRE AntiVirus (other), SoftBarrier (other), BlockKeeper (other), BlockScanner (other), BlockProtector (other), SystemFighter (other), SystemVeteran (other), SystemWarrior (other), AntiAID (other), Win32/WinBlueSoft.A (CA), Trojan-Downloader.Win32.FraudLoad.vtgpk (Kaspersky), WinBlueSoft (other), WiniBlueSoft (other), Winishield (other), SaveKeep (other), WiniFighter (other), TrustNinja (other), SaveDefense (other), BlockDefense (other), SaveSoldier (other), WiniShield (other), SafetyKeeper (other), SoftSafeness (other), SafeDefender (other), Trustcop (other), SecureWarrior (other), SecureFighter (other), SoftSoldier (other), SoftVeteran (other), SoftStronghold (other), ShieldSafeness (other).

15. Program:Win32/Spyguarder.A

16. Program:Win32/AntivirusGold

17. Program:Win32/SystemGuard2009

18. Program:Win32/WorldAntiSpy

19. Program:Win32/SpywareSecure – Aliases: W32/SpyAxe.AMI (Norman), SpywareSecure (Panda), SpywareSecure (Sunbelt Software), SpywareSecure (Symantec).

20. Program:Win32/IEDefender – Aliases: Win32/Burgspill.AD (CA), IEAntivirus (Symantec), Trojan.DR.FakeAlert.FJ (VirusBuster).

21. Program:Win32/MalWarrior

22. Program:Win32/Malwareprotector

23. Program:Win32/SpywareSoftStop

24. Program:Win32/AntiSpyZone

25. Program:Win32/Antivirus2008 – Aliases: Trojan.FakeAlert.RL (BitDefender), Win32/Adware.Antivirus2008 (ESET), not-a-virus:Downloader.Win32.FraudLoad.ar (Kaspersky), WinFixer (McAfee), W32/DLoader.HDZU (Norman), Troj/Dwnldr-HDG (Sophos), ADW_FAKEAV.O (Trend Micro), Program:Win32/VistaAntivirus2008.A (other), MS Antivirus (CA).

26. Trojan:Win32/PrivacyCenter – Aliases: Fake_AntiSpyware.BKN (AVG), Win32/FakeAV.ACR (CA), Win32/Adware.PrivacyComponents (ESET), not-a-virus:FraudTool.Win32.PrivacyCenter (other), not-a-virus:FraudTool.Win32.Agent.jn (Kaspersky), FakeAlert-CP (McAfee), Troj/PrvCnt-Gen (Sophos), SpywareGuard2008 (Symantec).

27. Program:Win32/SpyLocked

28. Program:Win32/Trojanguarder

29. Program:Win32/MyBetterPC

30. Program:Win32/NeoSpace

31. Win32/Winwebsec - Aliases: SystemSecurity2009 (other), System Security (other), Winweb Security (other), FakeAlert-WinwebSecurity.gen (McAfee), Mal/FakeAV-AK (Sophos), Troj/FakeVir-LB (Sophos), Adware/AntiSpywarePro2009 (Panda), Adware/UltimateCleaner (Panda), Adware/Xpantivirus2008 (Panda), Win32/Adware.SystemSecurity (ESET), Win32/Adware.WinWebSecurity (ESET), AntiVirus2008 (Symantec), SecurityRisk.Downldr (Symantec), W32/AntiVirus2008.AYO (Norman), Total Security (other), AntiSpyware Pro 2009 (other), FakeAlert-AntiSpywarePro (McAfee).

32. Trojan:Win32/FakeRemoc - Aliases: AntiMalwareSuite (other), VirusRemover2009 (other), PCAntiMalware (other), Total Virus Protection (other), SpywareRemover2009 (other), AntiMalwareGuard (other), Secure Expert Cleaner (other), Cleaner2009 Freeware (other), AVCare (other), AV Care (other).

33. Program:Win32/SpywareStormer

34. Program:Win32/SecurityiGuard

35. Program:Win32/DoctorCleaner

36. Program:Win32/UniGray

37. Win32/FakeSecSen – Aliases: Micro AV (other), MS Antivirus (other), Spyware Preventer (other), Vista Antivirus 2008 (other), Advanced Antivirus (other), System Antivirus (other), Ultimate Antivirus 2008 (other), Windows Antivirus 2008 (other), XPert Antivirus (other), Power Antivirus (other).

38. Program:Win32/VirusRemover – Aliases: Troj/FakeVir-DR (Sophos), VirusRemover2008 (Symantec), ADW_FAKEVIR (Trend Micro).

39. Program:Win32/Privacywarrior

40. Program:Win32/PrivacyProtector

41. Adware:Win32/SpyBlast

42. Trojan:Win32/FakeFreeAV

43. Win32/FakeRean - Aliases: XP AntiSpyware 2009 (other), XP Security Center (other), PC Antispyware 2010 (other), Home Antivirus 2010 (other), PC Security 2009 (other), ADW_WINREANIMA (Trend Micro), Win32/Adware.WinReanimator (ESET), not-a-virus:FraudTool.Win32.Reanimator (Kaspersky), WinReanimator (Sunbelt Software), XP Police Antivirus (other), FakeAlert-XPPoliceAntivirus (McAfee), Adware/XPPolice (Panda), AntiSpyware XP 2009 (other), Antivirus Pro 2010 (other).

44. Program:Win32/Antivirus2009 – Aliases: Win32/Adware.XPAntivirus (ESET), FakeAlert-AB.gen (McAfee), MalwareWarrior (other), Antivirus2009 (other).

45. Program:Win32/AntiSpywareDeluxe – Aliases: Adware.Fakealert-134 (Clam AV), Win32/Adware.AntiSpywareDeluxe (ESET), FraudTool.Win32.AntiSpywareDeluxe.a (Kaspersky), AntispyDeluxe (Symantec), TROJ_RENOS.CP (Trend Micro).

46. Program:Win32/Searchanddestroy

47. Program:Win32/AlfaCleaner

48. Program:Win32/WebSpyShield

49. Win32/InternetAntivirus – Aliases: InternetAntivirus (Symantec), General Antivirus (other), Personal Antivirus (other), not-a-virus:FraudTool:Win32.GeneralAntivirus.b (Kaspersky), Mal/FakeAV-AC (Sophos), TrojanDownloader:Win32/Renos.gen!Z (other), Fraudtool.GeneralAntivirus.C (VirusBuster), Internet Antivirus Pro (other).

50. Trojan:Win32/Antivirusxp – Aliases: Antivirus XP 2008 (other), Win32/Adware.WinFixer (ESET), Generic FakeAlert.a (McAfee), W32/WinFixer.BTB (Norman), Troj/FakeAV-AB (Sophos), AntiVirus2008 (Symantec), Program:Win32/Antivirusxp (other).

51. Program:Win32/ErrorGuard

52. Program:Win32/SpyCrush

53. Trojan:Win32/Fakeav

54. Program:Win32/Spyaway

55. Trojan:Win32/WinSpywareProtect – Aliases: Win32/Adware.WinSpywareProtect (ESET), Trojan-Downloader.Win32.FraudLoad.aob (Kaspersky), WinSpywareProtect (Symantec), Program:Win32/WinSpywareProtect (other), Trojan.FakeAV.GP (BitDefender), Win32/Adware.MSAntispyware2009 (ESET), Packed.Win32.Katusha.a (Kaspersky), FaleAlert-BV (McAfee), Adware/MSAntiSpyware2009 (Panda), Fraudtool.MSAntispy2009.A (VirusBuster), MS Antispyware 2009 (other), AV Antispyware (other), Extra Antivirus (other).

56. Program:Win32/Fakerednefed – Aliases: WinDefender 2008 (other), Program:Win32/Defendwin (other), Program:Win32/Windefender (other).

57. Program:Win32/Antispyware2008

58. Program:Win32/EZCatch

59. Program:Win32/EvidenceEraser

60. Program:Win32/Vaccine2008

61. Win32/FakeSpypro – Aliases: FakeAlert-C.dr (McAfee), SpywareProtect2009 (Symantec), Troj/FakeAV-LS (Sophos), Win32/Adware.SpywareProtect2009 (ESET), .Win32.FraudPack.kho (Kaspersky), Spyware Protect 2009 (other), Antivirus System Pro (other), Security Central (other), Barracuda Antivirus (other).

62. Trojan:Win32/FakeCog – Aliases: Win32/Adware.CoreguardAntivirus (ESET), not-a-virus:FraudTool.Win32.CoreGuard2009 (Kaspersky), FakeAlert-FQ (McAfee) , W32/Renos.FIP (Norman) , Mal/TDSSPack-L (Sophos), CoreGuardAntivirus2009 (Symantec), Fraudtool.CoreGuard2009.A (VirusBuster), CoreGuard Antivirus 2009 (other).

63. Program:Win32/AntiVirGear

64. Adware:Win32/VaccineProgram

65. Program:Win32/TrustCleaner

66. Program:Win32/SearchSpy

67. Program:Win32/AntiSpywareExpert – Aliases: Win32/Adware.AntiSpywareMaster (ESET), Generic.Win32.Malware.AntiSpywareExpert (other), WinFixer (McAfee), AVSystemCare (Symantec), AntiSpywareExpert (Trend Micro), not-a-virus:FraudTool.Win32.AntiSpywareExpert.a (Kaspersky).

68. Program:Win32/VirusRanger – Aliases: VirusRescue (Symantec) .

69. Program:Win32/SpyDawn

70. Program:Win32/UltimateFixer

71. Program:Win32/WinHound

72. Program:Win32/Spyshield

73. Program:Win32/SpySheriff – Aliases: Win32.TrojanDownloader.IEDefender (Ad-Aware), MagicAntiSpy (Sunbelt Software), Adware.SpySheriff (Symantec), SpyShredder (Symantec), IEDefender (other), Malware Destructor (other), SpySheriff (other), SpyShredder (other).

74. Program:Win32/Antispycheck – Aliases: Win32/Adware.AntiSpyCheck (ESET), AntiSpyCheck (Symantec).

75. Program:Win32/SpywareIsolator – Aliases: not-a-virus:FraudTool.Win32.SpywareIsolator.ad (Kaspersky), SpywareIsolator (Symantec).

76. Program:Win32/SpyFalcon

77. Program:Win32/PrivacyRedeemer

78. Trojan:Java/VirusConst

79. Trojan:Win32/FakeVimes – Aliases: FakeAlert-CQ (McAfee), Extra Antivirus (other), Ultra Antivirus 2009 (other), Malware Catcher 2009 (other), Virus Melt (other), Windows PC Defender (other).

80. Program:Win32/PCSave – Aliases: Win-Trojan/Pcsave.339456 (AhnLab), PCSave (McAfee).

81. Program:Win32/PSGuard

82. Program:Win32/SpywareStrike

83. Program:Win32/Nothingvirus

84. Trojan:Win32/AVClean

85. Trojan:Win32/FakeIA.C - Aliases: Win32/FakeAlert.RW (CA), Dropped:Trojan.FakeAv.DS (BitDefender), FakeAlert-AB (McAfee), Trojan.Fakeavalert (Symantec), not-a-virus:FraudTool.Win32.Delf.d (Kaspersky).

86. Program:Win32/AntispyStorm

87. Program:Win32/Antivirustrojan

88. Program:Win32/XDef

89. Program:Win32/AntiSpywareSoldier

90. Program:Win32/AdsAlert

91. Program:Win32/AdvancedCleaner – Aliases: AdvancedCleaner (Symantec).

92. Program:Win32/FakePccleaner - Aliases: Program:Win32/Pccleaner (other), Win32/Adwrae.PCClean (ESET), Backdoor.Win32.UltimateDefender.hu (Kaspersky), PCClean (Symantec), Program:Win32/UltimateCleaner (other).

93. Program:Win32/SpywareQuake

94. Program:Win32/WareOut – Aliases: WareOut (McAfee), W32/WareOut (Norman), WareOut (Sunbelt Software), SecurityRisk.Downldr (Symantec), Adware.Wareout (AVG).

95. Program:Win32/Kazaap

96. Program:Win32/SystemDefender

97. Trojan:Win32/FakeSpyguard – Aliases: Spyware Guard 2008 (other), Win32/Adware.SpywareGuard (ESET), FakeAlert-BM (McAfee), SpywareGuard2008 (Symantec), ADW_SPYWGUARD (Trend Micro), System Guard 2009 (other), Malware Defender 2009 (other).

98. Program:Win32/SpyHeal

99. Program:Win32/VirusBurst

100. Program:Win32/VirusRescue

101. Program:Win32/TitanShield

102. Program:Win32/Easyspywarecleaner

103. Trojan:Win32/Fakeinit – Aliases: Trojan.FakeAlert.AUW (BitDefender), Win32/FakeAV.ABR (CA), Fraudtool.XPAntivirus.BCVY (VirusBuster), Adware/AntivirusXPPro (Panda), AntiVirus2008 (Symantec), Advanced Virus Remover (other), Win32/AdvancedVirusRemover.G (CA).

104. Program:Win32/AntiVirusPro

105. Program:Win32/CodeClean

106. Trojan:Win32/Spybouncer

107. Program:Win32/MalwareWar

108. Program:Win32/VirusHeat

109. Adware:Win32/SpyAxe – Aliases: VirusHeat (other), ControVirus (other).

110. Program:Win32/Awola – Aliases: not-virus:Hoax.Win32.Avola.a (Kaspersky), Generic FakeAlert.b (McAfee), W32/Awola.A (Norman), Awola (Symantec), JOKE_AVOLA.D (Trend Micro).

111. Program:Win32/MyNetProtector

112. Program:Win32/FakeWSC

113. Program:Win32/DoctorAntivirus

114. Program:Win32/UltimateDefender – Aliases: Ultimate (McAfee), UltimateDefender (Symantec), ADW_ULTIMATED.ME (Trend Micro), Risktool.UltimateDefender.A.Gen (VirusBuster), Adware.UltimateX-15 (Clam AV), Win32/Adware.UltimateDefender (ESET).

Microsoft Security Essentials 1.0 can be downloaded for free via this link.