FakeVimes and PrivacyCenter

Nov 12, 2009 13:35 GMT

Microsoft has updated a free security tool it is offering Windows users in order to tackle two new rogue antivirus products masquerading as Windows security software. Following the November refresh, the Malicious Software Removal Tool (MSRT) is now capable of detecting and cleaning members of the Win32/FakeVimes and Win32/PrivacyCenter families of malware. According to the company, while both families of malicious code started to spread at the start of 2009, it is only recently that they managed to become prevalent.

“Win32/FakeVimes has gone through a lot of different names, usually with two or three active at any given time. Currently it’s calling itself Windows System Defender and Windows Enterprise Suite. Its interface may look familiar even if you’ve never had the misfortune of being affected by the malware - it has copied elements of the Windows Defender and Windows Security Center UIs and its activate* button includes an imitation of the Genuine Microsoft Software logo,” revealed Hamish O'Dea, from the Microsoft Malware Protection Center.

Furthermore, FakeVimes also mimics the User Account Control (UAC) security mitigation from Windows Vista and Windows 7. The fake UAC is designed to provide users with an option to “protect,” which when selected leads to a dialog box requiring them to activate.

The other rogue, Win32/PrivacyCenter, started out as Privacy Center, “evolved” into Privacy Components, and ended up as Safety Center. Microsoft noted that some versions of PrivacyCenter were downright laughable, from the primitive interface to the fact that it “reports its own files as malware,” O'Dea noted. “Some variants of PrivacyCenter make themselves the default shell application, so when you reboot you might find that the trojan runs instead of Explorer. Both Win32/FakeVimes and Win32/PrivacyCenter are distributed through fake online scanners, similar to those used by most other rogues.”
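A defender-side check for the shell replacement described above, as an added example that is not from the article or from Microsoft. It assumes the replacement is made through the Winlogon `Shell` registry value, the standard Windows mechanism for setting the logon shell; the article does not say which mechanism PrivacyCenter uses, and the function name is hypothetical.

```powershell
# Audit the registry values that decide which program Windows starts as the
# user's shell at logon. Any value other than explorer.exe is reported.
# Assumption: the rogue changes one of these values (not stated in the article).
$locations = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',      # machine-wide
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',      # per-user override
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'   # "Custom User Interface" policy
)

function Test-DefaultShell {
    param([string]$Value)
    # Accept the bare default name or the full path to Explorer in the Windows
    # directory. Anything else, including extra entries appended after a comma,
    # is treated as non-default.
    $expected = @('explorer.exe', (Join-Path $env:windir 'explorer.exe'))
    return $expected -contains $Value.Trim().Trim('"')   # -contains is case-insensitive
}

$findings = foreach ($key in $locations) {
    # A missing key or value is normal for the HKCU locations: Windows then
    # falls back to the machine-wide setting.
    $prop = Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $prop) { continue }
    [pscustomobject]@{
        Key       = $key
        Shell     = $prop.Shell
        IsDefault = Test-DefaultShell $prop.Shell
    }
}

$findings | Format-Table -AutoSize -Wrap

$suspect = @($findings | Where-Object { -not $_.IsDefault })
if ($suspect.Count -gt 0) {
    Write-Warning "$($suspect.Count) shell value(s) differ from explorer.exe; review before the next logon."
}
```

Kiosk and embedded deployments legitimately set a custom shell, so a non-default value is a prompt to verify the listed binary, not proof of infection.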

The Malicious Software Removal Tool is available for download here.
