Generic FakeAlert!htm

Type: Trojan
SubType: Script
Discovery Date: 03/16/2009
Length: varies
Minimum DAT: 5555 (03/16/2009)
Updated DAT: 5764 (10/07/2009)
Minimum Engine: 5.2.00
Description Added: 03/16/2009
Description Modified: 07/24/2009 8:00 AM (PT)
Risk Assessment:
  Corporate User: Low-Profiled
  Home User: Low-Profiled

Characteristics

Overview -
-- Update July 24, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.theregister.co.uk/2009/07/23/eclipse_scareware_scam/

--

This is a detection for HTML files that contain code for performing a fake online malware scan.

The following are some websites that host this Trojan:

  • spyware-scannerv3.com
  • thesecureyourpc.com

Once a user connects to any of the above websites, the site displays a fake malware infection alert.

It then performs a fake malware scan and shows a report of infection.

These fake alerts then lead to the download of a rogue antivirus program, "Personal Antivirus", which is saved as %USERPROFILE%\local settings\temp\setup-{random}.exe.

The downloaded file is detected as FakeAlert-DI.
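
The two indicators described above (a visit to one of the listed hosts, and a setup-{random}.exe file in the user's temp folder) can be checked against exported proxy and file-creation events. The following is an added example, not part of the original description or the vendor's detection logic. The (kind, value) event format is hypothetical, and the character set assumed for {random} is an assumption, since the page does not specify it.

```python
import re
from urllib.parse import urlsplit

# Hosts named on this page as serving the fake-scan HTML.
FAKE_SCAN_HOSTS = ("spyware-scannerv3.com", "thesecureyourpc.com")

# Page gives the drop path as %USERPROFILE%\local settings\temp\setup-{random}.exe.
# ASSUMPTION: {random} is a run of letters/digits; the page does not give its format.
DROP_RE = re.compile(r"\\local settings\\temp\\setup-[0-9a-z]+\.exe$", re.IGNORECASE)


def host_matches(url: str) -> bool:
    """True if the URL's host is one of the listed hosts or a subdomain of one."""
    if "://" not in url:
        url = "http://" + url  # proxy logs often record a bare host/path
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return any(host == h or host.endswith("." + h) for h in FAKE_SCAN_HOSTS)


def path_matches(path: str) -> bool:
    """True if a Windows path looks like the dropped installer described on the page."""
    return bool(DROP_RE.search(path.replace("/", "\\").strip().strip('"')))


def triage(events):
    """events: iterable of (kind, value), kind is 'url' or 'file'. Returns flagged events."""
    hits = []
    for kind, value in events:
        if (kind == "url" and host_matches(value)) or (kind == "file" and path_matches(value)):
            hits.append((kind, value))
    return hits


# Constructed sample events (not taken from any real log).
SAMPLE = [
    ("url", "http://www.spyware-scannerv3.com/scan/index.html"),
    ("url", "thesecureyourpc.com/"),
    ("url", "http://notthesecureyourpc.com/"),  # lookalike suffix: no match
    ("url", "http://example.org/?ref=spyware-scannerv3.com"),  # host differs: no match
    ("file", r"C:\Documents and Settings\alice\Local Settings\Temp\setup-4821.exe"),
    ("file", r"C:\Documents and Settings\alice\Local Settings\Temp\setup.exe"),
    ("file", r"C:\Program Files\App\setup-4821.exe"),
]

if __name__ == "__main__":
    for kind, value in triage(SAMPLE):
        print(kind, value)
```

Matching is on the parsed host name rather than a substring of the URL, so lookalike domains and query-string mentions of the listed hosts are not flagged.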

Symptoms

Presence of the downloaded file.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.

Removal

Variants

    N/A

Overview -
This is a detection for a trojan that displays misleading fake alerts to entice the user into buying a product to "repair" malware problems.
