In a recent blog post on 18th November we talked about the significant threat that AV rogues have posed for our users this year. Besides the prevalent rogues covered by the MSRT, the following is a longer list of AV rogues detected by Microsoft AV products such as Microsoft Security Essentials and Forefront Client Security.
FakeXPA
FakePowav
MalwareBurn
UnSpyPc
DriveCleaner
DocrorTrojan
Winfixer
FakeScanti
Cleanator
MalwareCrush
PrivacyChampion
SystemLiveProtect
Yektel
FakeSmoke
Spyguarder
AntivirusGold
SystemGuard2009
WorldAntiSpy
SpywareSecure
IEDefender
MalWarrior
Malwareprotector
SpywareSoftStop
AntiSpyZone
Antivirus2008
PrivacyCenter
SpyLocked
Trojanguarder
MyBetterPC
NeoSpace
Winwebsec
FakeRemoc
SpywareStormer
SecurityiGuard
DoctorCleaner
UniGray
FakeSecSen
VirusRemover
Privacywarrior
PrivacyProtector
SpyBlast
FakeFreeAV
FakeRean
Antivirus2009
AntiSpywareDeluxe
Searchanddestroy
AlfaCleaner
WebSpyShield
InternetAntivirus
Antivirusxp
ErrorGuard
SpyCrush
Fakeav
Spyaway
WinSpywareProtect
Fakerednefed
Antispyware2008
EZCatch
EvidenceEraser
Vaccine2008
FakeSpypro
FakeCog
AntiVirGear
VaccineProgram
TrustCleaner
SearchSpy
AntiSpywareExpert
VirusRanger
SpyDawn
UltimateFixer
WinHound
Spyshield
SpySheriff
Antispycheck
SpywareIsolator
SpyFalcon
PrivacyRedeemer
VirusConst
FakeVimes
PCSave
PSGuard
SpywareStrike
Nothingvirus
AVClean
FakeIA
AntispyStorm
Antivirustrojan
XDef
AntiSpywareSoldier
AdsAlert
AdvancedCleaner
FakePccleaner
SpywareQuake
WareOut
Kazaap
SystemDefender
FakeSpyguard
SpyHeal
VirusBurst
VirusRescue
TitanShield
Easyspywarecleaner
Fakeinit
AntiVirusPro
CodeClean
Spybouncer
MalwareWar
VirusHeat
SpyAxe
Awola
MyNetProtector
FakeWSC
DoctorAntivirus
UltimateDefender
You may recognize some of the relatively recent rogues on this list, such as FakeXPA, FakeSecSen and FakeRean. Others, such as Winfixer and SpySheriff, have origins that go back more than four years. On page 100 of our Security Intelligence Report volume 7, we observed that rogues remained a significant threat even though they trended down to 13.4 million infected computers in 1H09 from 16.8 million in 2H08. (Internet Explorer 8 SmartScreen Filter, a browser-based security feature, contributed to part of the decline.)
As we have done in the past, we again encourage our readers to run a complete, up-to-date AV product such as Microsoft Security Essentials to protect their computers from these rogues, especially if located in English-speaking countries, the regions where these rogues appear most active (as highlighted in the SIR). MSRT is a baseline tool we provide for the ecosystem to remove prevalent threats such as high-profile rogues. With Security Essentials, on the other hand, you get the benefit of the complete AV signature set from the MMPC and the essential protection features an AV solution needs: real-time, kernel-mode detection, scheduled scans, complicated cleaning functionality to address emergent threats, etc.
Still, awareness of the threat is also important. Take a look at some of the write-ups of these threats, get familiar with some of the enticing rogue skins used (like that displayed in the Win32/InternetAntivirus screenshot below) and tell your friends and family to be alert to the tricks used to socially engineer victims into opening their wallets for these 'useless at best' rogue AVs.
Scott Wu - MMPC