Fake Microsoft anti-spyware site stealing credit card info

Security researchers at McAfee Avert Labs have uncovered a fake "AntiSpyware Center" website purporting to be from Microsoft.

The rogue site promotes a fake anti-spyware application called AntiSpyStorm, according to Avert Labs researcher Rahul Mohandas.

"Avert has blogged about rogue anti-spyware applications such as SystemDoctor, and we have probably classified several hundreds of them, if not thousands," Mohandas said in a blog post. "This threat appears to be a successor to the trojan FakeAlert-D."

The phony anti-spyware website offers an “online security scanner” that claims to search the visitor's system for viruses and spyware. After the fake examination, the site presents users with a fake list of trojans, prompting the user to download and install an ActiveX control to remove the threats.

The trojan then hijacks the infected PC's home page, shows fake alerts and exaggerated security threats and urges the user to install a trial version of AntiSpyStorm.

After installation, the phony product offers a free system scan, which reports a number of false positives. Users are prompted by AntiSpyStorm to download the full version, which attempts to trick the victim into entering credit card details to buy the non-existent product.

"The rogue anti-spyware is detected with the current DATS [McAfee virus-definition files] as 'Adware-AntiSpyStorm' and the fake ActiveX control is detected as 'FakeAlert-T,'" Mohandas said in his blog.

See original article on SC Magazine US
Copyright © SC Magazine, US edition