Microsoft's Malicious Software Removal Tool was updated this week to
detect a generic type of fake antivirus program known as
The Microsoft Malware Protection Center
gives Win32/InternetAntivirus an alert level of "severe." The software
is "a rogue program that displays false and misleading alerts regarding
malware, in order to convince users to purchase rogue security
software," according to a Microsoft Malware Protection Center blog post. The program also displays a fake "Windows Security Center" message.
This screenshot shows the fake alert the Win32/InternetAntivirus malware displays to try to scare people into paying money.
In addition, the rogue program runs a password stealer called
"TrojanSpy:Win32/Chadem," which tries to steal FTP usernames and
passwords that can be used to compromise servers for hosting malware.
"They use new domain names every day, often registering multiple names
at a time, like scanfan4.info, star4scan.info and scanstar4.info," the
Microsoft post says. "This is all pretty normal rogue behaviour these
days. As always, only use security software that has been tested by a
trusted third party."
Fake antivirus programs are very common and provide a way for scammers to make easy money.
The scammers prey on the fears of Web surfers who are misled into
believing their systems are infected and then pay, typically, $50 for a
program that not only doesn't protect their computers, but often turns
out to be malicious.
Microsoft and the Attorney General's office in Washington state filed a handful of lawsuits last year
over so-called "Scareware" pop-up ads that entice consumers into paying
for software that supposedly fixes critical errors on a PC.