Thursday, October 28, 2010

Beware of 'fake' Microsoft Security Essentials



Microsoft Security Essentials is a legitimate antimalware app, but a new rogue antivirus attack hijacks the brand as well

By Tony Bradley

PC World

Microsoft Security Essentials is fake. Well, it is and it isn't. Microsoft Security Essentials is a free anti malware protection program from Microsoft, but a new malware threat identified by security software vendor F-Secure is also masquerading as Microsoft Security Essentials. You want to avoid that one.

The new malware attack is distributed through a drive-by download as either hotfix.exe or mstsc.exe, both reasonably benign and almost legitimate sounding file names that might not raise red flags with some users.

The "alert" from the threat steals the Microsoft Security Essentials brand, including the little blue fortified castle icon. The software then displays a seemingly comprehensive list of anti malware solutions, including all of the top names that users are familiar with such as Trend Micro, McAfee, Panda, and Symantec and identifies those that are capable of detecting and blocking this nefarious threat.

The F-Secure blog explains, "Surprisingly, the only products that seem to be capable of handling the infection are AntiSpy Safeguard, Major Defense Kit, Peak Protection, Pest Detector and Red Cross. Never heard of these? No wonder. They are all fake products."

The attackers are counting on users being naive enough to take the bait and agree to be "saved" by purchasing one of these awesome anti malware tools to help eradicate the threat. But, since these are all rogue antivirus programs what you really end up with is some sort of Trojan that opens the system up to further malware compromise and exploit.

Don't get confused, though. As mentioned above, Microsoft Security Essentials is a legitimate anti malware application as well. It is offered for free by Microsoft, and is in fact a very capable defense against malware. Microsoft just recently expanded the availability of Microsoft Security Essentials to small businesses as well, making it free to install on up to ten PCs.

I must say, though, that I have never understood how anyone falls for rogue antivirus attacks. It seems to me that users should know whether or not they have some sort of malware protection installed, and if so which software it is. If no antimalware is installed, or if the fake alert is apparently from a program other than the one that is installed--why would anyone take it seriously?

Did magic anti malware fairies stop by in the night and install this new beneficent tool? And, doesn't it seem at all suspicious that this strange anti malware detection is capable of scanning the PC and identifying this new threat, but invites you to purchase something else to actually deal with the problem?

F-Secure detects this new rogue Microsoft Security Essentials threat as Trojan.Generic.KDV.47643.

---Like this post, Just leave a comment as your feedback. If you want us to post an article on some specific topic OR have a suggestions for us...you can also drop an email on amarjit@freehacking.net

0 comments:

Post a Comment