Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    A fake Malicious Software Removal Tool (MSRT) has been found circulating in the wild. Senior threats analyst Edgardo Diaz stumbled upon a sample that Trend Micro detects as TROJ_FAKEAV.MSRT.

    From the onset, it looks like the real MSRT based on the icon it uses. Similar to other FAKEAV variants, it also displays a fake scanning alert that the user’s system has been supposedly infected by malware.

    Click for larger view

    However, keen-eyed users will notice that this tool is fake due to the following reasons:

    1. File size: It is relatively small, making up only 412,672 Bytes.
    2. Digital signature: The real tool is digitally signed, this isn’t.
    3. Antivirus product: It scans for installed antivirus products on the system and informs users that the recommended software (Shield EC Antivirus) can only remove the malware.
    Click for larger view

    However, the clincher comes at the end. Like its predecessors, it entices users to purchase the recommended rogue antivirus—Shield EC Antivirus. It points users to the billing page, http://{BLOCKED} where they are asked to pay US$99.90 for the product.

    Click for larger view

    Trend Micro product users are already protected from this attack via the Trend Micro™ Smart Protection Network™, which detects the said FAKEAV variant. Non-Trend Micro product users, on the other hand, can use the free cleanup tool, HouseCall.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice