More "Fake AV" Incarnations Making The Rounds
Last Updated: 2008-12-30 01:39:49 UTC
by G. N. White (Version: 1)
Some of the latest incarnations observed in the past 24 hours continue to maintain low levels of AV detection (less than 15% based on VirusTotal analysis), and have removed the tell-tale "TDSS" signature from its rootkit driver names (although 1 AV vendor continues to flag the initial stage malware as Rootkit.Win32.TDSS). Other subsequent stage downloads are getting labeled as Trojan.FakeAlert.AKV and Trojan.Fakealert.MW by a few other AV vendors.
In terms of propagation, getting a "hit" from this malware is as easy as entering a series of search terms on your favorite search engine, and unluckily picking a search result that delivers nothing more than the misleading introductory screen and fake anti-virus pop-up alerts (with their associated "D-level" english grammar). Should you unfortunately find yourself victim to this, remember to not click anywhere on the screen, but instead use "Task Manager - Applications" to terminate the victimized web browser session.