Threat Research & Response Blog
When I was at school (many, many years ago…) a teacher once told me that if someone copies you, it's a sign of flattery. Well, right now there are numerous "companies" copying us, but we are far from flattered.
For some time now, rogue security programs have been trying their hardest to look just like Microsoft security products. I suppose they figure that the more they look like us, the more likely unsuspecting users are to hand over their hard-earned cash to have their computers "cleaned" by these imposters.
Lately, we have seen a resurgence in rogue activity; one particularly obnoxious threat going by the name Security Defender (aka Win32/Defmid) has been making the rounds. Rogue security programs attempt to trick users into paying for fake antivirus software, when Microsoft consumer products, namely Microsoft Security Essentials, Safety Scanner and Windows Defender, are available to all genuine Windows users at no cost. This in turn causes affected users to voice their concerns and dissatisfaction through a number of Microsoft customer feedback channels, often after being tricked into paying for the bogus antivirus to remove threats that were more than likely never present on their computer. Below are some images of imitation scans and messages displayed by rogues:
Figure 1: 'Scan results' displayed by a Win32/FakeRean variant, Privacy Protection
Figure 2: 'Windows Security Center' message displayed by a Win32/FakeRean variant
Figure 3: 'Scanner' displayed by a Win32/FakeVimes variant
Figure 4: 'Scan results' displayed by a Win32/FakeVimes variant
Figure 5: 'Security settings options' displayed by a Win32/FakeVimes variant
In addition to an increase in the number of people being affected by rogues, there seems to be an increase in users receiving calls, allegedly from Microsoft support, about their "infected" computers (which Microsoft has blogged about before). To set the record straight, Microsoft would never call a user to tell them that their computer was infected.
So, allow me to clarify a few things:
We will continue to fight the good fight, and do what we can to prevent the spread of malicious programs; but in the meantime, stay safe online, and think twice before handing over your credit card details to a third party you cannot verify – like one displaying pop-ups, or on the end of an unsolicited phone call.
Jasmine Sesso, MMPC Melbourne