Aug 11, 11:00 pm (UTC-7) | by Jessa De La Torre (Threat Response Engineer)
A fake Malicious Software Removal Tool (MSRT) has been found circulating in the wild. Senior threats analyst Edgardo Diaz stumbled upon a sample that Trend Micro detects as TROJ_FAKEAV.MSRT.
At first glance, it looks like the real MSRT because of the icon it uses. Like other FAKEAV variants, it also displays a fake scanning alert claiming that the user’s system has been infected by malware.
However, keen-eyed users will notice that this tool is fake for the following reasons:
- File size: It is relatively small, at only 412,672 bytes.
- Digital signature: The real tool is digitally signed; this one is not.
- Antivirus product: It scans for installed antivirus products on the system and informs users that only the recommended software (Shield EC Antivirus) can remove the malware.
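The signature and file-size checks above can be scripted when triaging a file that claims to be MSRT. The following Python is an added example, not code from the original article or from Trend Micro; it reads the PE header to see whether an Authenticode certificate table is embedded at all. The function names and the constructed header bytes are assumptions made for illustration.

```python
import struct

FAKE_SAMPLE_SIZE = 412_672  # bytes; the size the article reports for the fake tool

def security_directory(pe: bytes):
    """Return (file_offset, size) of the PE Certificate Table, or None if unparseable."""
    try:
        if pe[:2] != b"MZ":
            return None
        (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        opt = e_lfanew + 24  # optional header: after 4-byte signature + 20-byte COFF header
        (magic,) = struct.unpack_from("<H", pe, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+ data directories
        (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
        if count <= 4:
            return (0, 0)  # header has no slot for the security directory
        return struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4 = Certificate Table
    except (struct.error, KeyError):
        return None

def triage(pe: bytes) -> list:
    """List the reasons a file posing as MSRT deserves suspicion."""
    entry = security_directory(pe)
    if entry is None:
        return ["not a parseable PE file"]
    offset, size = entry
    findings = []
    if size == 0:
        findings.append("no embedded Authenticode signature")
    elif offset + size > len(pe):
        findings.append("certificate table points outside the file")
    if len(pe) == FAKE_SAMPLE_SIZE:
        findings.append("size equals the fake sample reported in the article")
    return findings

def constructed_pe(sec_offset=0, sec_size=0, total=1024) -> bytes:
    """Constructed minimal PE32 header for demonstration; not a real sample."""
    buf = bytearray(total)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)  # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x10B)  # PE32 magic
    struct.pack_into("<I", buf, opt + 92, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 96 + 32, sec_offset, sec_size)
    return bytes(buf)
```

An embedded certificate table only shows that a signature blob is present; confirming that it is valid and chains to Microsoft still requires a verifier such as PowerShell's `Get-AuthenticodeSignature`. The size match is a weak indicator tied to this one sample, since repacked variants will differ.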
However, the clincher comes at the end. Like its predecessors, it entices users to purchase the recommended rogue antivirus, Shield EC Antivirus. It points users to the billing page, http://{BLOCKED}buypage.com/index_new.php?sid=205, where they are asked to pay US$99.90 for the product.
Trend Micro product users are already protected from this attack via the Trend Micro™ Smart Protection Network™, which detects this FAKEAV variant. Non-Trend Micro product users, on the other hand, can use the free cleanup tool, HouseCall.