Fake Microsoft anti-spyware site stealing credit card info

Security researchers at McAfee Avert Labs have uncovered a fake "AntiSpyware Center" website purporting to be from Microsoft.

The rogue site promotes a fake anti-spyware application called AntiSpyStorm, according to Avert Labs researcher Rahul Mohandas.

"Avert has blogged about rogue anti-spyware applications such as SystemDoctor, and we have probably classified several hundreds of them, if not thousands," Mohandas said in a blog post. "This threat appears to be a successor to the trojan FakeAlert-D."

The phony anti-spyware website offers an “online security scanner” that claims to search the visitor's system for viruses and spyware. After the fake examination, the site presents users with a fake list of trojans, prompting the user to download and install an ActiveX control to remove the threats.

The trojan then hijacks the infected PC's home page, shows fake alerts and exaggerated security threats, and urges the user to install a trial version of AntiSpyStorm.

After installation, the phony product offers a free system scan, which reports a number of false positives. Users are prompted by AntiSpyStorm to download the full version, which attempts to trick the victim into entering credit card details to buy the non-existent product.

"The rogue anti-spyware is detected with the current DATS [McAfee virus-definition files] as 'Adware-AntiSpyStorm' and the fake ActiveX control is detected as 'FakeAlert-T,'" Mohandas said in his blog.

See original article on SC Magazine US
Copyright © SC Magazine, US edition