Microsoft kicks fake security software off 400,000 PCs
In the second month of a campaign against fake security software, Microsoft has booted the rogue application "Antivirus 2009" from almost 400,000 PCs, the company recently claimed.
December's version of the Malicious Software Removal Tool (MSRT), a free utility that Microsoft pushes to Windows users as part of Patch Tuesday, targeted one of the most popular phony security app, Antivirus 2009. According to Microsoft, the MSRT erased the fake from over 394,000 PCs in the first nine days after it released this month's edition on Dec. 9.
Last month, Microsoft trumpeted a similar cleaning operation against another family of bogus security software that it said had purged nearly a million machines of programs like "Advanced Antivirus," "Ultimate Antivirus 2008" and "XPert Antivirus."
December's campaign targeted a different family -- dubbed "W32/FakeXPA" by Microsoft -- that includes fake security software going by names such as "Antivirus XP," "AntivirusXP 2008" and "Antivirus 2009."
Windows users increasingly have been plagued with worthless security software as criminals bundle the money makers with other malware or seed significant users with waves of spam touting the programs. According to one researcher, cybercrooks can pull in as much as $5 million a year by installing the rogue programs on PCs, then dunning users with infection claims and constant pop-ups until the victims pay $40 or $50 to purchase the useless applications.
Microsoft also aimed the December version of MSRT at an affiliated piece of malware, called "W32/Yektel," that works alongside W32FakeXPA and is often bundled with the phony security software.
Classified by Microsoft as a Trojan horse, Yektel takes advantage of users' worries about browser security by inserting false warnings into Internet Explorer. Those warnings, explained Microsoft researcher Hamish O'Dea in a post to the company's malware protection center blog two weeks ago, appear at random and mimic IE's own legitimate drop-down alerts.
Newer variations of the Yektel Trojan go a step further, and insert phony warnings into Google search results, said O'Dea. Whenever these even-sneakier versions detect IE rendering a URL that includes "google," it inserts a fake message that reads "Google has detected unregistered Antivirus 2009 copy on your computer. Google recommends you activate Antivirus 2009 to protect your PC from malicious intrusions from the Internet."
The links from Yektel's IE and Google warnings, of course, take users to a Web site where users are urged to pay $50 to register Antivirus 2009.
Windows users can download the MSRT manually from Microsoft's Web site or via the Windows Update service.
» posted by ITworld staff
Computerworld
pasmith
Kindle news: pricing, business models and ... source code?
mulderjoe
Cell phone gaming: In search of good mobile games
jfruh
The guts of the iPhone 3GS
Enter your caption for this week's cartoon! The winner will receive a $25 Amazon gift card. Go now!
Essential JavaFX
Get started building rich Web apps quickly with an introduction to the power of JavaFX key features -- scene node graphs, nodes as components, the coordinate system, layout options, colors and gradients, custom classes with inheritance, animation, binding, and event handlers.Enter now!
The Nomadic Developer
Consulting can be hugely rewarding, but it's easy to fail if you are unprepared. To succeed, you need a mentor who knows the lay of the land. Aaron Erickson is your mentor, and this is your guidebook. Enter now!
