Microsoft Continues to Fight Fake Windows Antivirus Products

Not only did Microsoft, in partnership with the Washington Attorney General Office, initiate legal actions against makers of fake antivirus products, but the Redmond company is fighting the new plague impacting its operating system one piece of malicious code at a time. In this context, the software giant has added two new rogue antivirus families to its signatures this month on top of Win32/FakeSecSen in November, namely Win32/FakeXPA and Win32/Yektel.

“In raw numbers, Win32/FakeXPA appears less prevalent than Win32/FakeSecSen; a week after the release of MSRT November, Win32/FakeSecSen had been removed from 994,061 distinct machines. But as was the case with Win32/FakeSecSen, Win32/FakeXPA often installs multiple components – usually each install consists of an executable (.EXE) and a Control Panel applet (.CPL), which launches the EXE,” revealed Microsoft’s Hamish O'Dea.

Malicious Software Removal Tool has managed to clean 394,247 computers infected with Win32/FakeXPA and Win32/Yektel since the two fake antivirus products were added to its signatures. Still, in the first week since MSRT started cleaning compromised computers, it removed 198,812 instances of Win32/FakeSecSen from and 218,015 instances of Win32/FakeXPA.

“By this measurement, Win32/FakeXPA was actually more prevalent than Win32/FakeSecSen. This also implies that 'partial' installations were more common in the case of Win32/FakeSecSen. This could be because Win32/FakeSecSen uses more components, some of which are more likely to be left behind if the threat was cleaned manually or by another security product. It could also be because Win32/FakeSecSen has been around longer than Win32/FakeXPA, with more opportunities to be found and partially removed,” O'Dea said.

In November, MSRT removed malicious code instances part of the Win32/FakeSecSen family from 994,061 machines. Members of the Win32/FakeSecSen family include but are not limited to Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus and Ultra Antivirus 2009.