October has just begun, and Trend Micro threat researchers keep seeing more and more variations (slightly different, yet increasingly annoying) on the set of rogue AV infection signals we have been documenting on this blog.
Figure 1. Fake BSOD (actually a screensaver) now sports a specific mention of the problem — an unregistered version of a certain AV product.
Figure 2. Now even the fake reboot screen (also a screensaver) has text.
Project Manager Paul Fan reminds us that malware criminals continue a “take no prisoners” approach to vandalizing PCs in their bid to convince victims to purchase bogus security software.
Advanced Threats Researcher David Sancho even calls it the “Annoy and Conquer Strategy”: cybercriminals literally call attention to themselves, using all visual means available to instill a sense of discomfort in users that may be just enough to get them to fall for the act, an unfortunately common scare tactic.
We’ve already discussed this threat and how the Smart Protection Network protects users in recent blog posts.
This variant is an ongoing iteration of the Antivirus 2009 campaign and is detected as TROJ_FAKEAV.SV.
One additional note — it is nice to see Microsoft and the State of Washington going after “scareware” purveyors. We completely support efforts to bring these criminals to justice.