Microsoft's Malicious Software Removal Tool was updated this week to detect a generic type of fake antivirus program known as "Win32/InternetAntivirus".
The Microsoft Malware Protection Center gives Win32/InternetAntivirus an alert level of "severe". The software is "a rogue program that displays false and misleading alerts regarding malware, in order to convince users to purchase rogue security software," according to a Microsoft Malware Protection Center blog post. The program also displays a fake "Windows Security Center" message.
In addition, the rogue program runs a password stealer called "TrojanSpy:Win32/Chadem," which tries to steal FTP usernames and passwords that can be used to compromise servers for hosting malware.
"They use new domain names every day, often registering multiple names at a time, like scanfan4.info, star4scan.info and scanstar4.info," the Microsoft post says. "This is all pretty normal rogue behaviour these days. As always, only use security software that has been tested by a trusted third party."
Fake antivirus programs are very common and provide a way for scammers to make easy money. The scammers prey on the fears of Web surfers who are misled into believing their systems are infected and then pay, typically, $50 for a program that not only doesn't protect their computers, but often turns out to be malicious.
Microsoft and the attorney general's office in Washington state filed a handful of lawsuits last year over so-called "Scareware" pop-up ads that entice consumers into paying for software that supposedly fixes critical errors on a PC.
The Malicious Software Removal Tool is updated every second Tuesday of the month as part of Patch Tuesday.
Separately on Wednesday, Barracuda Networks, a provider of e-mail and Web security products, warned of a Web site using the Barracuda brand to sell a rogue antivirus program. If downloaded, the program performs a fake scan of the computer and installs spyware, the company said.
This articloe was first published as a blog post on CNET News.
Play video
There are currently no comments for this post.