AntiVirus 2009 - BSODs and Fake Reboot continue in new variants

Posted Friday, October 03, 2008 3:38 PM by hwaldron

Trend Micro is continuing to see more variants of Antivirus 2009 in the wild using these tactics to frighten users (i.e., the new term "scareware" has been introduced). Unfortunately, inexperienced users may believe it's their real AV product that's creating these messages. They may become infected by following "the yellow brick road" of prompts that eventually load these malicious agents.

Keeping AV protection updated is important. However, the malware agent is constantly changing, with new variants built to avoid AV detection (e.g., packing algorithms, MD5 hash total changes, HTML changes, etc.).

Please be careful with all email and websites.

AntiVirus 2009 - BSODs and Fake Reboot continue in new variants
http://blog.trendmicro.com/rogue-av-tactics-continue-to-threaten/

QUOTE: October has just begun and Trend Micro threat researchers keep seeing more and more — slightly different, but yet increasingly more annoying — variations to the set of rogue AV infection signals we have been documenting on this blog.

This variant is an ongoing iteration of the Antivirus 2009 campaign and is detected as TROJ_FAKEAV.SV.  It is nice to see Microsoft and the State of Washington going after scareware purveyors. We completely support efforts to bring these criminals to justice.

Some past references
http://blog.trendmicro.com/rogue-av-theatrics-on-extended-run/
http://blog.trendmicro.com/a-million-search-strings-to-get-infected/

Use of Task Manager to close pop-up messages more safely
http://msmvps.com/blogs/harrywaldron/archive/2008/08/22/malware-close-encounters-close-pop-ups-using-task-manager-to-safely-exit.aspx
