NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Microsoft / Security

Security


Microsoft Continues to Fight Fake Windows Antivirus Products

Win32/FakeXPA and Win32/Yektel in addition to Win32/FakeSecSen

By Marius Oiaga, Technology News Editor

18th of December 2008, 18:18 GMT

Adjust text size:


Security
Enlarge picture
Not only did Microsoft, in partnership with the Washington Attorney General Office, initiate legal actions against makers of fake antivirus products, but the Redmond company is fighting the new plague impacting its operating system one piece of malicious code at a time. In this context, the software giant has added two new rogue antivirus families to its signatures this month on top of Win32/FakeSecSen in November, namely Win32/FakeXPA and Win32/Yektel.

“In raw numbers, Win32/FakeXPA appears less prevalent than Win32/FakeSecSen; a week after the release of MSRT November, Win32/FakeSecSen had been removed from 994,061 distinct machines. But as was the case with Win32/FakeSecSen, Win32/FakeXPA often installs multiple components – usually each install consists of an executable (.EXE) and a Control Panel applet (.CPL), which launches the EXE,” revealed Microsoft’s Hamish O'Dea.

Malicious Software Removal Tool has managed to clean 394,247 computers infected with Win32/FakeXPA and Win32/Yektel since the two fake antivirus products were added to its signatures. Still, in the first week since MSRT started cleaning compromised computers, it removed 198,812 instances of Win32/FakeSecSen from and 218,015 instances of Win32/FakeXPA.

“By this measurement, Win32/FakeXPA was actually more prevalent than Win32/FakeSecSen. This also implies that 'partial' installations were more common in the case of Win32/FakeSecSen. This could be because Win32/FakeSecSen uses more components, some of which are more likely to be left behind if the threat was cleaned manually or by another security product. It could also be because Win32/FakeSecSen has been around longer than Win32/FakeXPA, with more opportunities to be found and partially removed,” O'Dea said.

In November, MSRT removed malicious code instances part of the Win32/FakeSecSen family from 994,061 machines. Members of the Win32/FakeSecSen family include but are not limited to Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus and Ultra Antivirus 2009.

TAGS:

Win32/FakeXPA | Win32/FakeSecSen | Win32/Yektel | rogue antivirus
Read by 2,482 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
Excellent (5.0/5) 1 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News
| Yesterday's News | News Archive


MORE RELATED ARTICLES:


Yahoo Tops Microsoft with Search Data Anonymisation

Firefox 2.0 Is Dead – Download Firefox 3.0.5 and Firefox 2.0.0.19

Out-Of-Band IE8 Beta 2 Patch for Critical 0Day Vulnerability Drops Today

IE8 Beta 2 Exploits Hosted on Adult Content Websites

IE7 vs. Chrome 1.0 vs. Opera 9.62 vs. Firefox 3.0.4 vs. Safari 3.2 vs. Password Security

Download Vista SP1 – IE8 Application Compatibility Update

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM