FakeAlert-HP
- Type: Trojan
- SubType: Win32
- Discovery Date: 09/03/2009
- Length:
- Minimum DAT: 5744 (09/17/2009)
- Updated DAT: 5849 (01/02/2010)
- Minimum Engine: 5.3.00
- Description Added: 09/03/2009
- Description Modified: 09/16/2009 10:40 AM (PT)
Risk Assessment
- Corporate User: Low-Profiled
- Home User: Low-Profiled
Characteristics
This Trojan is usually downloaded from malicious websites that perform a fake online scan. Specifically, several variants of this Trojan have been observed on websites that were artificially injected into search engine results linked to the news of the death of actor Patrick Swayze.
Hackers have poisoned search engine results to insert rogue websites that attempt to silently install this FakeAlert.

Once executed the Trojan will display the following installation dialog:

The installer will then check for an internet connection by opening the www.nas.nasa.gov page. It will then download and install the rogue application from winfixdownloads.com in the form of an encrypted file named "timesroman.tiff".
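A proxy-log hunt for the download chain described above, as an added example that is not part of the original advisory. The log format, the five-minute window and the sample lines are constructed assumptions; only the two host names and the file name come from the page.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

CHECK_HOST = "www.nas.nasa.gov"        # connectivity check named on the page
PAYLOAD_HOST = "winfixdownloads.com"   # download host named on the page
PAYLOAD_NAME = "timesroman.tiff"       # payload file name named on the page
WINDOW = timedelta(minutes=5)          # assumed correlation window

# Constructed sample log: "<ISO time> <client> <method> <url>"
SAMPLE_LOG = """\
2009-09-15T10:00:01 10.0.0.5 GET http://www.nas.nasa.gov/
2009-09-15T10:00:04 10.0.0.5 GET http://winfixdownloads.com/timesroman.tiff
2009-09-15T10:02:00 10.0.0.7 GET http://www.nas.nasa.gov/
2009-09-15T10:30:00 10.0.0.7 GET http://example.org/photo.tiff
2009-09-15T11:00:00 10.0.0.9 GET http://WinFixDownloads.com/a/TimesRoman.tiff
"""

def parse(line):
    """Split one log line into (time, client, lower-cased host, file name)."""
    ts, client, _method, url = line.split(None, 3)
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    name = parts.path.rsplit("/", 1)[-1].lower()
    return datetime.fromisoformat(ts), client, host, name

def hunt(log_text):
    """Return {client: severity}. 'high' = connectivity check followed by the
    payload fetch inside WINDOW; 'medium' = payload host contacted otherwise."""
    last_check, hits = {}, {}
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, client, host, name in events:
        if host == CHECK_HOST:
            last_check[client] = ts
        elif host == PAYLOAD_HOST or host.endswith("." + PAYLOAD_HOST):
            seen = last_check.get(client)
            chained = (seen is not None and ts - seen <= WINDOW
                       and name == PAYLOAD_NAME)
            if chained:
                hits[client] = "high"
            else:
                hits.setdefault(client, "medium")  # never downgrade a 'high'
    return hits

if __name__ == "__main__":
    for client, severity in sorted(hunt(SAMPLE_LOG).items()):
        print(client, severity)
```

A visit to www.nas.nasa.gov on its own is legitimate traffic, which is why the hunt only raises a host when the payload domain also appears.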
Symptoms
Existence of the Total Security rogue application.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.
Removal
All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Variants
N/A
Overview
-- Update September 16, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.theregister.co.uk/2009/09/15/swayze_scareware_scam
--
This is a detection for a trojan that displays misleading fake alerts to entice the user into buying a product to "repair" malware problems.