The Latest in IT Security

New rogue security products to watch out for

23 Oct 2012

Fake AV operators continue to change the graphical interface design of their malicious creations.

Clones we’ve seen recently include “XP Antispyware Pro 2013,” “XP Defender 2013,” “XP Security 2013” and “XP Antivirus Pro 2013.”

Download pages are detected by at least three AVG LinkScanner signatures.

Since this is the time of year that legitimate AV companies are unveiling their 2013 versions, the fake AV operators (as in past years) are following suit.

[Screenshots: XP AntiSpyware, XP AV, XP Defender, XP Security]

No one expects these things to make sense, but the initial pop-up window uses the name “WindowsSecurity 2012.”

AVG LinkScanner detects the rogue (with three signatures) at this point. Closing the browser without clicking “OK” prevents the executable files from being installed.

[Screenshot: Microsoft IE]

Clicking the “OK” button starts the first of two fake scans.

[Screenshot: Win Sec]

Closing the browser at this point also prevents installation of the rogue executable. Clicking the “Remove all” button, however, installs an executable file (the files periodically change in size, probably to inhibit AV scanner detection) and presents the following screen.

The “File Download” box is bogus, since the file has already been installed on the victim’s machine.

[Screenshot: Win Sec2]

After the scan finishes, a “Secure Transaction Processing” window appears (also of new design) and leads to a payment screen (below).

[Screenshots: XP secure transactions, XP sec payment]

Closing the browser after the rogue is installed will NOT make it go away.

The malware then stops all practical use of the infected machine by throwing up a nag screen whenever a browser or other application is opened. Below is a screenshot of a phony “XP Security 2013 Firewall Alert” shown when the tester attempted to open the Windows calculator application.

[Screenshot: firewall alert]

To make the phony threat a bit more credible, the rogues also pop up warnings from the Windows tray:

[Screenshots: Virus intrusion, malware intrusion]
