We thought the rogue security software trend went down this year, but in truth we are witnessing two new reported incidents by users and customers of rogues.
Total Defense Internet Security Intelligence Team has just identified the “Winwebsec” family as the most prevalent rogue software recently perceived.
According to data obtained, in only one month of monitoring the process of Winwebsec we have seen an impressive number of reported incidents which, in terms of numbers, translates into almost 7,000 issues (see Figure 1).
Figure 1 – Rogue Reported Incidents from 23 February 2012 to 23 March 2012
The most notable threat representing the Winwebsec rogue family is the nasty pest known as “Smart Fortress 2012.”
This parasite software, once executed, prevents almost all executables from running (Figure 2):
Figure 2 – Executables blocked
It blocks every application from running, like browsers, TaskManager and disables every security application installed on the computer (Figure 3):
Figure 3 – Registry entries compromised
It looks like malware authors have spent lots of time developing this kind of software to make it so real to convince people to pay for disinfection:
Figure 4 – Request of activation of Smart Fortress 2012
Figure 5 – Smart Fortress 2012 Fake Warning
Figure 6 – Smart Fortress 2012 Fake Firewall Alert
Figure 7 – Purchase page
The approach of the authors of the rogue software is still the same, but this time more sophisticated and scary.
Total Defense Security products block the malware from landing on users’ PCs, detecting it as Winwebsec.
Since we are seeing a lot of new variants created on a daily basis we strongly suggest keeping your security solution up to date.
In case of infected machines, customers are invited to contact our TDI Technical Support Team who will take care of the incident, showing the removal steps of this nasty threat.
Leave a reply