
SANS ISC: InfoSec Handlers Diary Blog

More "Fake AV" Incarnations Making The Rounds

Published: 2008-12-30
Last Updated: 2008-12-30 01:39:49 UTC
by G. N. White (Version: 1)

Using obfuscated JavaScript techniques, more "Fake Anti-Virus" malware continues to present itself to unsuspecting Internet users, in the hope of gaining an installation through rather effective social engineering methods.

Some of the latest incarnations observed in the past 24 hours continue to maintain low levels of AV detection (less than 15% based on VirusTotal analysis), and have removed the tell-tale "TDSS" signature from their rootkit driver names (although one AV vendor continues to flag the initial-stage malware as Rootkit.Win32.TDSS). Subsequent-stage downloads are being labeled as Trojan.FakeAlert.AKV and Trojan.Fakealert.MW by a few other AV vendors.

In terms of propagation, getting a "hit" from this malware is as easy as entering a series of search terms in your favorite search engine and unluckily picking a search result that delivers nothing more than the misleading introductory screen and fake anti-virus pop-up alerts (with their associated "D-level" English grammar). Should you find yourself a victim of this, remember not to click anywhere on the screen, but instead use "Task Manager - Applications" to terminate the victimized web browser session.

