James Delahunty
28 Feb 2010 7:06
For those of us who regularly work with malware-infested machine as part of our jobs, rogue anti-malware software is absolutely nothing new. In Windows XP in particular, rogue software often portrays itself as Windows Security Center (while disabling the actual Security Center) to provide false warnings to users about (usually) non-existent virus and spyware infections.
Now, Microsoft has spotted a rogue piece of scareware that portrays itself as its Security Essentials suite (as have I on one laptop already), which is freely available to Windows users that have genuine software installed. As usual, the rogue anti-malware client lists a bunch of bullsh** infections before asking a user to pay a fee to purchase a "full" non-trial version of Security Essentials.
Here is what it looks like...
Microsoft Security Essentials is available as a free download for users of genuine software, but the phony "Security Essentials 2010" claims to unlock removal and cleaning functionality if the user will pay up. Actually filling out this information puts a user at risk of fraud (stolen credit card details) and of course, identity theft.
The malware also changes the users' Desktop background, alerting that "YOUR SYSTEM IS INFECTED". "System has been stopped due to a serious malfunction. Spyware activation has been detected." the background reads. "It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed." Again, this should be a dead giveaway to anybody with a little bit of experience with security software or and an understanding of English.
The malware also blocks access to a number of popular video websites, which includes Facebook, eBay, YouTube, BBC News and more. Microsoft's real Security Essentials software detects the malware as Trojan:Win32/Fakeinit.