With the Malicious Software Removal Tool

Jun 10, 2010 15:00 GMT

Microsoft is working to kill a rogue antivirus solution that is spread under a label that’s simply too close for comfort to the company’s own free and legitimate security solution: Microsoft Security Essentials. The software giant first warned of a fake antivirus solution being distributed as Security Essentials 2010 at the start of 2010. Now, the latest release of the Malicious Software Removal Tool (MSRT) is designed to identify and remove Security Essentials 2010 from compromised PCs. MSRT is a free security solution available from Microsoft that hunts down only a specific list of malware.

Rogue security solutions, also called fake AV or scareware, are malicious programs that trick the user into buying useless licenses for non-functioning antivirus programs. While masquerading as a legitimate security product, scareware uses deceptive tactics to convince users that their machines are infected when that is not the case, and attempts to scare them into paying for a license to have nonexistent threats removed. Security Essentials 2010, also known as Internet Security 2010, is a rogue security program belonging to the Win32/Fakeinit malware family. Hamish O'Dea, from the Microsoft Malware Protection Center, noted that Microsoft expected the attackers behind the rogue solution to start labeling it Security Essentials 2011 soon.

“Fakeinit uses the old one-two punch of first trying to convince you that there's malware all over your system, then offering a scanner that can detect and remove it - once you pay. Fakeinit separates these functions into two components. The first component changes the desktop background,” O'Dea stated. “This component also terminates a whole bunch of programs as soon as they run. It doesn't do this to protect itself - the programs it kills include calc.exe, word.exe and freecell.exe - but rather to convince you that you are infected and generally make the machine hard to use in the hope of annoying you into paying for the scanner.”

The changed background is a pretty common tactic for rogue AV. Users get stuck with a very threatening wallpaper informing them that their PC is infected with a range of malware. Of course, this is not the case. In order to gain credibility, Fakeinit also comes with a scanner component, designed to report the nonexistent threats and to make users pay to have them removed.
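The program-killing behavior described above leaves a recognizable trace in process telemetry: several unrelated, harmless applications each exit almost immediately after being launched. The following is an added example, not code from Microsoft or from the original article, showing one way a defender could flag that pattern. The event format, host names and thresholds are constructed assumptions, not a real log schema.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry), in chronological order:
# timestamp, host, pid, image name, action.
SAMPLE_EVENTS = """\
2010-06-10T09:00:01 PC1 410 explorer.exe start
2010-06-10T09:00:05 PC1 512 calc.exe start
2010-06-10T09:00:05 PC1 512 calc.exe exit
2010-06-10T09:00:20 PC1 530 word.exe start
2010-06-10T09:00:21 PC1 530 word.exe exit
2010-06-10T09:00:40 PC1 544 freecell.exe start
2010-06-10T09:00:40 PC1 544 freecell.exe exit
2010-06-10T09:01:00 PC2 300 calc.exe start
2010-06-10T09:06:00 PC2 300 calc.exe exit
2010-06-10T09:06:10 PC2 310 word.exe start
2010-06-10T09:06:11 PC2 310 word.exe exit
"""

def flag_hosts(log, max_life=timedelta(seconds=2),
               window=timedelta(minutes=5), min_images=3):
    """Return hosts where at least min_images distinct programs exited
    within max_life of starting, all inside one sliding time window."""
    started = {}   # (host, pid) -> start time
    recent = {}    # host -> deque of (exit time, image) for short-lived runs
    flagged = set()
    for line in log.splitlines():
        ts, host, pid, image, action = line.split()
        when = datetime.fromisoformat(ts)
        if action == "start":
            started[(host, pid)] = when
            continue
        begun = started.pop((host, pid), None)
        if begun is None or when - begun > max_life:
            continue  # unmatched exit, or the program ran normally
        runs = recent.setdefault(host, deque())
        runs.append((when, image.lower()))
        while when - runs[0][0] > window:  # drop runs older than the window
            runs.popleft()
        if len({img for _, img in runs}) >= min_images:
            flagged.add(host)
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_EVENTS))
```

A single short-lived process is normal, so the heuristic counts distinct image names inside the window; the thresholds would need tuning against a host's ordinary crash and quick-exit rate.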

“If you do decide to pay, you're giving away not just your money, but also some pretty sensitive information including your name, address and credit card details. The page is not secured, meaning these details could be intercepted, but the real question is ‘what else will the makers of Internet Security 2010 do with this information?’ At best, you are likely to be charged more than you expected. Hidden at the bottom of the page, below the ‘proceed payment’ button, are options for a ‘lifetime license’ and ‘firewall and email protection’ that are already selected for you. Together they add another $39.90 to the price. This is another classic rogue trick,” O'Dea added.

Microsoft warned that Fakeinit was also downloading Win32/Alureon, a very nasty data-stealing Trojan.

The Malicious Software Removal Tool is available for download here.

Microsoft Security Essentials is available for download here.