Archive for November 3rd, 2008


Antivirus Pro 2009 – Exploiting Human Weakness for Money

Note: The sites we talk about in this post distribute rogue (fake) anti-malware products.  Do not visit, pay, or download the software discussed below.

Almost every day our viewers ask us about rogue anti-malware software.  Out of all of the questions we receive, the most common is “When will these attacks stop?”  The sad truth is that we see no end to this problem in sight.  As long as malicious individuals are able to trick or force users into downloading, installing, and eventually paying for their fake “rogue” anti-malware products, they will continue to develop them and push the envelope.


Antivirus Pro 2009

If the browser blocks the download, the user is shown the following message.  Clicking “Click here to get full advanced real-time protection and continue browsing” forwards the user straight to the payment gateway page.

“Insecure Internet Activity. Threat of Virus Attack!  Due to the insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes”

Antivirus Pro 2009 Browser Warning

Installer:

The Antivirus Pro 2009 installer offers three options: Continue, Terms of Service and Cancel.

Antivirus Pro 2009

Canceling the Installation:

Clicking the Cancel button does not simply exit the installer: the dialog it opens defaults to “Continue with installing and running free scanner.”

Antivirus Pro 2009 Cancel Install

Terms of Service:

Antivirus Pro 2009 Terms of Service

Interface:

The interface may look convincing to unsuspecting victims.

Antivirus Pro 2009 Interface

Scare Messages:

Victims are presented with various scare messages to entice a purchase.

“WARNING! Antivirus Pro 2009 has found 27 useless and UNWANTED files on your computer!”

Personal data at the reach of anyone’s hand

Internet history records available

Compromising and adult material stored on your system

Chat sessions’ logs and personal Emails easily reachable

Antivirus Pro 2009 Scare Tactics

Payment Gateway:

hxxps://secure.soft-payments.com via AS20495 (WEDARE We Dare BV Autonomous System)

secure.soft-payments.com

Antivirus Pro 2009 Payment Gateway

Shared NS:

Antivirus Pro 2009 Shared NS

VirusTotal:

7/36 (19.44%) –> hxxp://www.av-pro-2009.com

7/36 (19.44%) –> hxxp://xp-as-2009.com

11/36 (30.56%) –> hxxp://xpas-2009.com

16/36 (44.44%) –> hxxp://av-pro2009.com

16/36 (44.44%) –> hxxp://avpro-2009.com

16/36 (44.44%) –> hxxp://avpro2009.com/

Removal Information: Need help removing this malware?  Click here for more information on the removal process.

Don’t forget to ask for help in our user forums!


Prodigy Antivirus – 5 files added – 1 domain added [Low Detection]

Please do not visit the sites below.  The data discussed here is for informational purposes only!

I was doing my normal malware searching rounds tonight and came across a file called ProdigyAntivirus.exe.  The installer (ProdigyAntivirus.exe) drops four files inside %windir% and is currently being hosted on a RapidShare account.

Session Summary:

#   Result   Protocol   Host                        URL
0   302      HTTP       prodigy-antivirus.com       /179
1   302      HTTP       rapidshare.com              /files/160002556/ProdigyAntivirus.ex[e]
2   200      HTTP       rs317tl2.rapidshare.com     /files/160002556/ProdigyAntivirus.ex[e]

Installing:

Prodigy Antivirus

Files Dropped:

c:\windows\csrss.exe –> 6b4ec82b2ca24014a14a955d7f957eeb
c:\windows\alg.exe –> 8822188d4c681fc23804bbccb457136d
c:\windows\lsass.exe –> ee26d966411103783e6371543b843719
c:\windows\msinet.ocx –> 40d81470a19269d88bf44e766be7f84a

VirusTotal: 6/36 (16.67%)

ThreatExpert: 5fd5bb1f-1df6-4a26-a992-96b167c5a40d
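The four dropped files above borrow the names of real Windows system binaries (csrss.exe, alg.exe, lsass.exe) but land directly in %windir% rather than in System32. The following PowerShell check is an added example written for this post, not a tool from the original author: it looks for those file names in %windir%, compares their MD5 against the hashes listed above, and flags any running process with one of those names whose image is not under System32. The dropped-file names and hashes come from the post; everything else (function name, output format) is assumed here.

```powershell
# Added example (not from the original post): check a host for the Prodigy
# Antivirus file drops described above. Hashes are the MD5s listed in the post.
$drops = @{
    'csrss.exe'  = '6b4ec82b2ca24014a14a955d7f957eeb'
    'alg.exe'    = '8822188d4c681fc23804bbccb457136d'
    'lsass.exe'  = 'ee26d966411103783e6371543b843719'
    'msinet.ocx' = '40d81470a19269d88bf44e766be7f84a'
}
$windir   = $env:windir
$system32 = Join-Path $windir 'System32'
$md5      = [System.Security.Cryptography.MD5]::Create()

# Hypothetical helper: lowercase hex MD5 of a file, using .NET so it works on old PowerShell.
function Get-Md5Hex([string]$path) {
    $stream = [System.IO.File]::OpenRead($path)
    try { ([System.BitConverter]::ToString($md5.ComputeHash($stream))).Replace('-', '').ToLower() }
    finally { $stream.Close() }
}

# 1. Files dropped straight into %windir% (legitimate copies live in System32).
foreach ($name in $drops.Keys) {
    $path = Join-Path $windir $name
    if (Test-Path $path) {
        $hash = Get-Md5Hex $path
        if ($hash -eq $drops[$name]) {
            Write-Output "$path exists and MD5 $hash matches the Prodigy Antivirus sample"
        } else {
            Write-Output "$path exists in %windir% (unexpected location); MD5 $hash does not match the listed sample"
        }
    }
}

# 2. Running processes named like system binaries but loaded from outside System32.
#    $_.Path can be $null for protected processes when not running elevated.
Get-Process | Where-Object { $drops.ContainsKey("$($_.ProcessName).exe") } | ForEach-Object {
    $image = $_.Path
    if ($image -and -not $image.StartsWith($system32, 'OrdinalIgnoreCase')) {
        Write-Output "Process $($_.Id) ($($_.ProcessName)) running from unexpected path: $image"
    }
}
```

Run it from an elevated prompt so that process image paths for csrss.exe and lsass.exe are readable; a file in %windir% with a differing hash is still worth a look, since the post's hashes cover only this sample.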
