Earlier this month, the FTC managed to shut down scareware that tricked 1 million users and was sold under names such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. That doesn’t mean cybercriminals have given up though: newly discovered malware tries to take your money with a fake antivirus that changes its GUI based on which Windows operating system you are running: Windows 7, Windows Vista, or Windows XP.
For the uninitiated, scareware is scam software which claims to protect your computer from malware, but really does next to nothing useful, or nothing at all. It is typically marketed to ignorant consumers through social engineering that causes shock or anxiety over a threat that isn’t really there. Software to “fix” the non-existent problem is then sold to these unsuspecting users.
As McAfee reports, malware authors are getting craftier this month. Since the beginning of October, the security firm has been tracking a unique variant of the FakeRean malware family of rogue security products.
If you’re on Windows 7, here’s what it looks like:
Windows Vista users get this:
If you’re still on the ancient Windows XP, you’ll see this variation:
FakeRean is distributed in one of two ways, but both happen in the background. The first is your typical drive-by download: you visit a malicious website and you get FakeRean delivered to you via an exploit in your browser. The second is via a Trojan or some other malware: FakeRean is dropped in and executed after your computer is already compromised.
FakeRean is clever. If your computer gets infected by it, the malware blocks you from accessing legitimate security applications that may remove it, and blocks security software you already have running. It also stops you from running .exe files on your machine.
In the meantime, FakeRean continues to scare you with claims of threats on your system and tries to convince you to purchase “protection” so you can “fix” your computer. It prompts you to purchase the “full” version:
McAfee says that you can regain control of your computer by clicking the Manual Activation tab, and entering the activation code 3425-814615-3990. This will not remove the malware, but it will give you some time to do so in peace.
The security firm gives the following advice to users:
Keep your systems updated with the latest patches. Ensure your antimalware software is updated with the latest DATs. Always run a reputable firewall on your machines. And beware of drive-by downloads when visiting any new websites.
Image credit: Jim O’Connor