Microsoft takes aim at fake antivirus program
As part of Patch Tuesday Microsoft adds a fake antivirus program to items targeted by its Malicious Software Removal Tool.
Updated 2:45 p.m. PDT with Barracuda Networks warning of Web site promoting rogue program using the Barracuda brand.
Microsoft's Malicious Software Removal Tool was updated this week to detect a generic type of fake antivirus program known as "Win32/InternetAntivirus."
The Microsoft Malware Protection Center gives Win32/InternetAntivirus an alert level of "severe." The software is "a rogue program that displays false and misleading alerts regarding malware, in order to convince users to purchase rogue security software," according to a Microsoft Malware Protection Center blog post. The program also displays a fake "Windows Security Center" message.
In addition, the rogue program runs a password stealer called "TrojanSpy:Win32/Chadem," which tries to steal FTP usernames and passwords that can be used to compromise servers for hosting malware.
"They use new domain names every day, often registering multiple names at a time, like scanfan4.info, star4scan.info and scanstar4.info," the Microsoft post says. "This is all pretty normal rogue behaviour these days. As always, only use security software that has been tested by a trusted third party."
Fake antivirus programs are very common and provide a way for scammers to. The scammers prey on the fears of Web surfers who are misled into believing their systems are infected and then pay, typically, $50 for a program that not only doesn't protect their computers, but often turns out to be malicious.
Microsoft and the attorney general's office in Washington state filed a handful of lawsuitsover so-called "Scareware" pop-up ads that entice consumers into paying for software that supposedly fixes critical errors on a PC.
The Malicious Software Removal Tool is updated every second Tuesday of the month as part of .
Separately on Wednesday, Barracuda Networks, a provider of e-mail and Web security products, warned of a Web site using the Barracuda brand to sell a rogue antivirus program. If downloaded, the program performs a fake scan of the computer and installs spyware, the company said.