Threat Category: Potentially Unwanted Applications | Page 5

Cleaning up a FakeAv infection can be an annoying experience. Let’s take a look at a widespread FakeAv scheme, some of the behavior patterns, and how to remove it from your system.

The cyber-criminal groups behind fake anti-virus (scareware/rogueware) infections have run into some significant roadblocks over the last few years, but there is much more to the overall story.

Recently, we’ve noticed that the rogue AVs being spread are all equipped with an “Online Support” button.

Some months ago I wrote a blog post called “The evolution of rogue antivirus” which mentioned a new trend in the graphical user interfaces of Fake Anti-viruses. Our predictions were correct.

By now most people have heard of Rogue Anti-Virus. You might have heard it referred to as Scareware, Fraudware, Fake Anti-Virus or rogue anti-virus.

Today we added detection for a new variant of the program – not-a-virus.Porn-Dialer.SymbOS.Pornidal.c. Just like its predecessor, this application can be harmful for two reasons.

Kaspersky Lab presents its monthly malware statistics for October. From this month onwards, the data used is gathered from all products which use the Kaspersky Security Network (KSN), i.e. products from both the 2009 and 2010 lines.

We often write about the fact that cybercriminals constantly change their tactics to take account of developments in the security and software industries

Kaspersky Lab presents its monthly malware statistics for September

Cybercriminals are unlikely to reinvent the wheel, so once you’ve encountered a scam or threat, and have learnt, you can use this information in the future. This article therefore focuses on some typical examples, and explains how you can protect yourself.

I’ve been thinking a bit about human psychology in the wake of the Fan Check virus scare

Kaspersky Lab presents its monthly malware statistics for August

This malware rating is compiled from data generated by the Kaspersky Security Network (KSN)

In addition to Trojans and Worms, Twitter seems to also be a good platform for distributing rogue security solutions.

We’ve had a number of people contacting us with queries about ‘Kaspersky Lab Antivirus Online’ after their computer showed them the ransom message.

Reports

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.

Potentially Unwanted Applications

SecurityTool Removal – An IT Handyman’s FakeAv Annoyance

Understanding Current Trends in the Fake Anti-Virus/Scareware Ecosystem

Technical Support – they’re not always the good guys

Spot the imposter: pretending to be the original

Amateur Rogue

Porn dialers for smartphones, part 2

Monthly Malware Statistics: October 2009

The evolution of rogue antivirus

Monthly Malware Statistics: September 2009

Traps on the Internet

A psychological experiment

Monthly Malware Statistics: August 2009

Monthly Malware Statistics: July 2009

Rogue anti-spyware on Twitter

Not Kaspersky

Reports

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Careto is back: what’s new after 10 years of silence?

Subscribe to our weekly e-mails