SCF Advanced Search



  • Total Members: 13736
  • Latest: parasti
  • Total Posts: 38282
  • Total Topics: 12871
  • Online Today: 1341
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)


Author Topic: Fake Antivirus Attacks, Demands Ransom (RogueWare - Total Security 2009)  (Read 2932 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7522
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

The fake antivirus phenomenon has taken an unpleasant turn with the discovery of a Windows program that not only cons users into buying an unnecessary license but appears to lock files and applications on the victim's PC.

According to security company Panda Security, rogueware program Total Security 2009 starts out in conventional fashion with the 'discovery' of a no n-existent malware infection for which it demands an unusually ambitious $79.95 (£50), and even has the cheek to ask a further $19.95 for 'premium' technical support.

Users deciding against purchasing the license find that all files and applications on their PC have been designated as 'infected' and made inaccessible until the user follows on-screen instructions to buy a license using the only working application, Internet Explorer.

According to Panda Security, the technique used to block access involves simple interception of Windows calls to open files and applications, closing them before they can open:
Sophisticated techniques such as file encryption are not needed.

"This intercepting technique has been used before in other malware, for instance any rootkit malware, which is specifically designed to hide and kill processes silently in the background. However, this is the first time in history it has been spotted in conjunction with rogueware," said Panda Security's technical director, Luis Corrons..

Panda Security's demonstration video shows the con working on an XP system: Rogueware with new Ransomware Technology™

The program itself is remarkably developed, as has become a new trend for bogus antivirus in recent months, and mimics the design and configuration options found on many legitimate programs, including setting up 'updates', privacy settings and scanning schedules. It is even possible to change the default language from English to German or Spanish.

"The way this rogueware operates presents a dual risk: first, users are tricked into paying money simply in order to use their computers; and second, these same users may believe that they have a genuine anti-virus installed on the computer, thereby leaving the system unprotected," said Corrons.

The bogus program would get on to a user's PC in the first place after they had either clicked on a link in a spam email, or by visiting an infected distribution website, or even by visiting the program's convincing-looking product homepage. Once registered, Total security 2009 remains on the system.

"This technique allows the criminals to make money before the AV companies catch up to them with signatures to finally detect the threat. Specifically, criminals will generate a new undetected sample on the fly and then distribute it to users. Knowing that the AV companies will detect it shortly, the criminals force users into purchasing the rogueware before the signature detection can kick in to remove it," said Corrons.

The program has been circulating for some weeks and infection rates are believed to be small. But the technique of combining fake antivirus prompts with a form of ransom-cum-hijacking will probably become a new front in the fake antivirus industry's campaign to make people buy more completely useless programs.

In the last year, fake antivirus programs have become possibly the biggest money-making scam on the Internet after spam marketing, even managing to find distribution on false pretences through premium Internet sites such as The New York Times.

There is growing evidence that many genuine antivirus programs don't detect some of these scam programs, which might also be a reason behind their success.


Samker's Computer Forum -


  • SCF Advanced Member
  • ***
  • Posts: 171
  • KARMA: 18
  • Gender: Male
I dont find rogue-ware as an 'effective' way of scamming, if you have decent knowledge of computer.
Sad, most people aren't educated and does not have sufficient knowledges to protect their identity from
well? understand ma bad English.


  • SCF Member
  • **
  • Posts: 42
  • KARMA: 6
Wow... My friend uses this ... he tried to get my to use it to... I shall send him this new letter and make him get a legit virus scanner =s


  • SCF Administrator
  • *****
  • Posts: 7522
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
I shall send him this new letter and make him get a legit virus scanner =s

You have this option "Send this topic" for notifications... (above a name of this Topic)

Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising