McAfee Labs experts have come across a nasty fake antivirus called System Progressive Protection that’s currently being distributed via drive-by downloads and via other pieces of malware.
System Progressive Protection is part of the Winwebsec
family and its main goal is to block victims from accessing other applications on the infected machine.
Once it finds itself on a computer, the malware displays “virus infection” alerts, attempting to trick victims into activating the product in order to fix errors and remove threats.
At this point, whenever the user attempts to execute another app, a firewall alert appears, informing him/her that it has been blocked because of a worm that’s allegedly trying to send credit card details to a remote host.
After the program is activated and the activation code is entered, all the alerts disappear, but the malicious software remains on the machine.
that the threat can be easily removed from computers with a decent antivirus program or by deleting its files and registries. Furthermore, while most apps are blocked, Internet Explorer isn’t, which means that it can be utilized to access the websites
of security companies.