Fake Security Software Spammed in the Wild

And again, we got some fresh copies of fake security software attempting to replace legitimate applications and steal people's private information. The folks at security company Trend Micro have noticed that a URK link redirecting the users to a download of RootkitBuster is distributed on the web. Although we've seen such exploits in the past, there are two new aspects: first of all, it seems like the spammed links are sent to registered members of certain download websites; secondly, we're talking about a fake program which aims to gather email addresses, obviously with spamming purposes.

The fake RootkitBuster has already been included into the virus definitions of several vendors, so updating your antivirus would be a great idea if you want to remain on the safe side. For example, Trend Micro's security products flags the application as TROJ_FAKEBUSTR.A, a Trojan horse that can be deployed on most Windows versions, including XP and Server 2003.

After the installation has been completed, the Trojan opens a pop-up window, requiring users to enter their names and emails in order to register the program and receive updates. "The data entered by unknowing users is then sent to a remote malicious user, possibly using the gathered addresses to spam the same Trojan to more users or for other more malicious activities", JM Hipolito of Trend Micro explained.

As you can see, downloading software from the web can easily turn into a pretty dangerous activity, no matter if you attempt to download security applications or any other utilities. That's why extra care is recommended when downloading any format of file from the web.

As you probably know, you can download the Trend Micro application straight from Softpedia, without any risk (as you can see on the download page, the application is 100% clean).