Sep 17, 2010 13:57 GMT

A new scareware threat is using some very convincing tricks, which include displaying fake Microsoft Security Essentials (MSE) alerts.

According to security researchers from Symantec, as soon as the malicious installer is executed on a computer, a fake MSE window pops up and warns the user of an alleged infection called "Unknown Win32/Trojan."

The alert lists C:\WINDOWS\system32\cmd.exe as being infected and claims that "This program is dangerous and executes commands from an attacker."

If the "Clean computer" or "Apply actions" buttons are clicked, the user is taken to a new MSE-like window, which shows a list of over 30 security solutions allegedly in the process of scanning the file.

The catch is that five programs from this list – AntiSpy Safeguard, Major Defense Kit, Peak Protection 2010, Pest Detector 4.1 and RedCross Antivirus – are rogue.

At the end of the scan, only these five will appear to have detected the threat, and a "Free install" button will be displayed next to them.

Clicking any of them will launch an interface that looks the same except for the unique logo of each program.

This is usually the point where most scareware programs will say that numerous infections were found, but removing them requires a license key.

However, this rogue antivirus is a lot more subtle. It claims a number of threats were detected and that most of them were actually cleaned, except for a few which need a special heuristic module.

Of course the additional module is not free and the program makes significant efforts to persuade the user to buy it.

"The success and penetration of fraudulent security software depends on its ability to scare the user into buying a fake security product.

"Over the years we have seen that many social engineering techniques have evolved in attempts to achieve this. This is the latest and most convincing of them all," Symantec researcher Sujit Magar writes.
