    Does this warning message look familiar?


    This new rogue antivirus is detected by Trend Micro as TROJ_FAKEAV.BUH. Ever since FAKEAV malware began making itself look as realistic as possible, its attempts have become increasingly convincing and sophisticated.

    Along the way, it has added some new quirks, such as displaying an infection message every time a specific process is run, which then prevents that process from executing.

    However, some countermeasures can still help users in this situation. Some processes such as Internet Explorer (IE) and Windows Explorer will still run. Users can also try renaming other programs to enable these to run normally.

    In the past, unfortunate users have faced legal problems because of adult images on their machines due to malware. FAKEAV has adopted this behavior as well, as TROJ_FAKEAV.BUH displays an adult website.

    Given all these malicious routines, and its presence in the infection chain of other malware, it is easy to see why fake antivirus malware is such a significant threat.

    Trend Micro product users, however, need not worry as Smart Protection Network™ prevents the download and execution of TROJ_FAKEAV.BUH on their systems.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice