AfterDawn: Tech news

Microsoft warns about rogue Security Essentials scareware

Written by James Delahunty @ 28 Feb 2010 7:06

For those of us who regularly work with malware-infested machines as part of our jobs, rogue anti-malware software is absolutely nothing new. In Windows XP in particular, rogue software often portrays itself as Windows Security Center (while disabling the actual Security Center) to show users false warnings about (usually) non-existent virus and spyware infections.
Now, Microsoft has spotted a rogue piece of scareware that portrays itself as its Security Essentials suite (as have I, on one laptop already), which is freely available to Windows users who have genuine software installed. As usual, the rogue anti-malware client lists a bunch of bullsh** infections before asking the user to pay a fee to purchase a "full" non-trial version of Security Essentials.

Here is what it looks like (screenshot; credit: Technet).


Microsoft Security Essentials is available as a free download for users of genuine software, but the phony "Security Essentials 2010" claims to unlock removal and cleaning functionality if the user will pay up. Actually filling out this information puts a user at risk of fraud (stolen credit card details) and of course, identity theft.

(Screenshot; credit: Technet)

The malware also changes the user's desktop background to one announcing "YOUR SYSTEM IS INFECTED". "System has been stopped due to a serious malfunction. Spyware activation has been detected," the background reads. "It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed." Again, this should be a dead giveaway to anybody with a little experience of security software or an understanding of English.

(Screenshot; credit: Technet)

The malware also blocks access to a number of popular websites, including Facebook, eBay, YouTube, BBC News and more. Microsoft's real Security Essentials software detects the malware as Trojan:Win32/Fakeinit.


16 user comments

#1 28.2.2010 8:43

...and don't forget those useless things advertised on TV...like STOP SIGN and SpeedUpMyPC, etc.

#2 28.2.2010 14:33

I remember when I experienced one of those desktop background messages. I couldn't do anything without some error popping up.

#3 28.2.2010 18:55

Fail, it looks nothing like the real MSE.

#4 28.2.2010 21:23

Originally posted by DXR88:
Fail, it looks nothing like the real MSE.
Doesn't matter. Non-computer-savvy people usually have horrible memory. Anything red will spark some fear enough to do whatever the screen says. It's all well-documented stuff for anyone who studies UI design.

#5 1.3.2010 0:05

Where I come from, red means don't touch it. If you studied human behavior you would know you just have to touch it.

#6 4.3.2010 12:49

Quote:
Originally posted by DXR88:
Fail, it looks nothing like the real MSE.
Doesn't matter. Non-computer-savvy people usually have horrible memory. Anything red will spark some fear enough to do whatever the screen says. It's all well-documented stuff for anyone who studies UI design.
You got that right! That goes for at least 80% of the world's population.

#7 4.3.2010 18:44

My wife and in-laws got this from a link within MySpace that they use, which pointed to a 3rd-party link while they were using the MySpace tool to add images to their profile.

The only way to resolve this was to do a Google search for hours and remove the files one by one, and the other option I had was to redo the OS on the computer and start from scratch.

I hate that stupid fake program, and it's such a pain, which is why I'm careful when I visit a site and use the status bar to see where it's going; if it looks fishy I simply don't go to it.

#8 4.3.2010 19:44

Originally posted by g_slide:
My wife and in-laws got this from a link within MySpace that they use, which pointed to a 3rd-party link while they were using the MySpace tool to add images to their profile.

The only way to resolve this was to do a Google search for hours and remove the files one by one, and the other option I had was to redo the OS on the computer and start from scratch.

I hate that stupid fake program, and it's such a pain, which is why I'm careful when I visit a site and use the status bar to see where it's going; if it looks fishy I simply don't go to it.
Before going to such an extreme, try MalwareBytes Antimalware (MBAM) (a very well known and trusted FREE tool to remove such crapware). RubberDucky, the developer of MBAM, is very good at adding support for these new scarewares to his scanner and safely removing them.

#9 4.3.2010 20:58

Ditto on Malwarebytes

There is a great deal of very nasty malware out there. Key loggers and trojan downloaders/installers will steal your identity and/or passwords, credit card #s and anything else of value on your computer.

ChappyTTV, what exactly happened? You were not specific about the damage. Why were you googling? Was it posting the images/files on the web?

#10 8.3.2010 1:43

Originally posted by Mez:
Ditto on Malwarebytes

There is a great deal of very nasty malware out there. Key loggers and trojan downloaders/installers will steal your identity and/or passwords, credit card #s and anything else of value on your computer.

ChappyTTV, what exactly happened? You were not specific about the damage. Why were you googling? Was it posting the images/files on the web?
Hi Mez,
No, it wasn't me that got hammered, it was an above poster. I just saw that he was close to re-installing the OS because of a scamware infection and pointed them to MBAM for these things.

I'm a security expert and used to reverse engineer new unknown variants for AV companies on the side. I was ground floor with the HJT developer and admin a few well known security forums... I don't get these things unless I want to test them ;) but I know all too well how easily these buggers can get even the most security-aware folks lately. They're really getting good at obfuscating their infection techniques.

#11 8.3.2010 7:27

ChappyTTV, have any suggestions for removing bots? I got infected, removed the virus with Malwarebytes, but not the bots. I could see DOS boxes flash open during start up that should not have been there. I am using a new C:

#12 10.3.2010 18:46

Hi Mez

Yuck eh, that sux horribly. Without being "hands on" at your machine, the steps to capture the data from the command line flashes you see, and to analyze all the running processes they may produce, are a touch lengthy and probably won't really make much change in the outcome. At some point we just have to say "F-it" and start fresh, especially since long-distance, back-and-forth online help can really only go so far before it becomes near pointless.
Personally, I would transfer personal data to a temp partition and start over. Make sure to over-write (not just format) the new system drive and reinstall. Then move (after a scan, of course) your personal stuff back to the new partition and then over-write all the rest of the space before using it again. It has been known that malicious code left after a simple format "can", in some instances, become activated once again. Since formatting does NOT remove data, an overwrite is required to eliminate that possibility.

I would also suggest becoming a member of a well known security help site, such as BleepingComputer, Besttechie.net (my old site... shameless plug), or the MBAM forums. Obviously if you got bots, and most likely more than that, places like those can really help you learn how to avoid future problems, and maybe you'll find a new calling for yourself in the process. It becomes very gratifying to learn the insides of PC security and then use that to help others out.
Also, if you want, you could try to get your current install cleaned up at one of the sites too. There are some of the BEST experts in the world at these sites, and if you want to spend the time with some of them, they'll gladly give it a shot with you, and you may really enjoy the challenge.

Best of Luck Mez!
Dave

#13 28.3.2010 4:21

I just got this virus on Saturday (March 27 2010). I'm glad I saw this article in February; Afterdawn really saved me a crap load of money, and thank god I had my recovery discs.

However, I may not have a screenshot, but my then Windows Live OneCare picked up a file called ave that downloaded itself onto my computer, but instead of fake trojans it showed regular programs, rather odd if you ask me.

#14 28.3.2010 17:00

Originally posted by Tristan_2:
However, I may not have a screenshot, but my then Windows Live OneCare picked up a file called ave that downloaded itself onto my computer, but instead of fake trojans it showed regular programs, rather odd if you ask me.
A virus downloads legitimate apps with old create dates, so unless the file name is on the scanner's list you will NEVER find it. Check for automated tasks that you didn't make. After the initial infection the malware can look clean.


Comments have been disabled for this article.