The rogue site promotes a fake anti-spyware application called AntiSpyStorm, according to Avert Labs researcher Rahul Mohandas.
"Avert has blogged about rogue anti-spyware applications such as SystemDoctor, and we have probably classified several hundreds of them, if not thousands," Mohandas said in a blog post. "This threat appears to be a successor to the trojan FakeAlert-D."
The phony anti-spyware website offers an “online security scanner” that claims to search the visitor's system for viruses and spyware. After the fake examination, the site presents users with a fake list of trojans, prompting the user to download and install an ActiveX control to remove the threats.
The trojan then hijacks the infected PC's home page, shows fake alerts and exaggerated security threats and urges the user to install a trial version of AntiSpyStorm.
After installation, the phony product offers a free system scan, which reports a number of false positives. Users are prompted by AntiSpyStorm to download the full version, which attempts to trick the victim into entering credit card details to buy the non-existent product.
"The rogue anti-spyware is detected with the current DATS [McAfee virus-definition files] as 'Adware-AntiSpyStorm' and the fake ActiveX control is detected as 'FakeAlert-T,'" Mohandas said in his blog.
See original article on SC Magazine US
Fake Microsoft anti-spyware site stealing credit card info
By Jim Carr on Oct 16, 2007 9:47AM