In association with heise online

01 March 2010, 14:42

Scareware is getting down to business

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit


Zoom The Fakeinit scareware claims to be Security Essentials 2010.
Source: Microsoft
In its blog, the Microsoft Malware Protection Center (MMPC) describes a particularly stubborn type of scareware which calls itself "Security Essentials 2010", emulating the name of Microsoft's Security Essentials.

The scareware, labelled Fakeinit by Microsoft, doesn't just worry users by issuing dozens of fake virus and trojan alerts, it even actively gets down to business. Not only does it attempt to terminate various other programs, claiming they are infected, it also downloads and installs the Alureon root kit on the Windows PC.

Furthermore, the scareware inserts itself into the computer's network connection as a "Layered Service Provider" (LSP) component and monitors whether the user accesses specific pages. When a user tries to access popular websites such as amazon.com, ebay.com or twitter.com, Fakeinit blocks the connection and instead issues an infection alert in the browser – prompting the user to install anti-virus software.

Additionally, the scareware swaps the desktop background for the message "Your System is infected". Finally, it continuously opens the buy-security-essentials.com page and tries to coax the user into purchasing a full version of the "Security Essentials 2010" program for €50 (£45). The web page has since been taken off line.

Microsoft warns of Fakeinit, pointing out that the real Microsoft Security Essentials detect this scareware. However, the MMPC's blog does not give any practical instructions for users whose systems have already been infected. Suitable forums such as trojaner-board.de and xp-vista.com, on the other hand, offer various solutions. As the Alureon root kit is installed by the scareware, users should consider reinstalling their systems. Alureon recently attracted attention by causing blue screens after security update MS010-015 was installed under Windows XP.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-943045
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit