Reports of rogue security programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparent and unlawful attempt to impersonate Microsoft products.

Earlier in 2009, the Microsoft privacy homepage became the target of rogue security software developers looking to make a fast buck. The developers of the rogue security application known as “Privacy Center” even went so far as to include a link to Microsoft to trick users into thinking the rogue is a Microsoft product. Trojan:Win32/PrivacyCenter is a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

We have received reports that this trojan has been distributed via poisoned search results, where users are redirected to sites that display fake scanners. These pages mistakenly report that the user's system is infected in order to convince users to download Trojan:Win32/PrivacyCenter. We have also received reports that this trojan has been distributed masquerading as a fake video codec. The pages and files utilized in this form of attack are highly variable, and change according to the user's location, browser and operating system. Below is a screenshot of the rogue program:

 

Win32-PrivacyCenter[2]

 

Use Microsoft Security Essentials, Microsoft Windows Defender, the Windows Live safety scanner (http://onecare.live.com/site/en-us/default.htm), or any of the scanning and removal tools from these Windows consumer security software providers: http://www.microsoft.com/windows/antivirus-partners/windows-7.aspx.

Also see our other blog post entitled “Rogues FakeVimes and PrivacyCenter added to MSRT” posted in November 2009.

 

-- Regards, Patrick Nolan, Microsoft Malware Protection Center