Threat Category: Potentially Unwanted Applications | Page 5

Cleaning up a FakeAv infection can be an annoying experience. Let’s take a look at a widespread FakeAv scheme, some of the behavior patterns, and how to remove it from your system.

The cyber-criminal groups behind fake anti-virus (scareware/rogueware) infections have run into some significant roadblocks over the last few years, but there is much more to the overall story.

Recently, we’ve noticed that the rogue AVs being spread are all equipped with an “Online Support” button.

Some months ago I wrote a blog post called “The evolution of rogue antivirus” which mentioned a new trend in the graphical user interfaces of Fake Anti-viruses. Our predictions were correct.

By now most people have heard of Rogue Anti-Virus. You might have heard it referred to as Scareware, Fraudware, Fake Anti-Virus or rogue anti-virus.

Today we added detection for a new variant of the program – not-a-virus.Porn-Dialer.SymbOS.Pornidal.c. Just like its predecessor, this application can be harmful for two reasons.

Kaspersky Lab presents its monthly malware statistics for October. From this month onwards, the data used is gathered from all products which use the Kaspersky Security Network (KSN), i.e. products from both the 2009 and 2010 lines.

We often write about the fact that cybercriminals constantly change their tactics to take account of developments in the security and software industries

Kaspersky Lab presents its monthly malware statistics for September

Cybercriminals are unlikely to reinvent the wheel, so once you’ve encountered a scam or threat, and have learnt, you can use this information in the future. This article therefore focuses on some typical examples, and explains how you can protect yourself.

I’ve been thinking a bit about human psychology in the wake of the Fan Check virus scare

Kaspersky Lab presents its monthly malware statistics for August

This malware rating is compiled from data generated by the Kaspersky Security Network (KSN)

In addition to Trojans and Worms, Twitter seems to also be a good platform for distributing rogue security solutions.

We’ve had a number of people contacting us with queries about ‘Kaspersky Lab Antivirus Online’ after their computer showed them the ransom message.

Reports

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go.

In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.

Potentially Unwanted Applications

SecurityTool Removal – An IT Handyman’s FakeAv Annoyance

Understanding Current Trends in the Fake Anti-Virus/Scareware Ecosystem

Technical Support – they’re not always the good guys

Spot the imposter: pretending to be the original

Amateur Rogue

Porn dialers for smartphones, part 2

Monthly Malware Statistics: October 2009

The evolution of rogue antivirus

Monthly Malware Statistics: September 2009

Traps on the Internet

A psychological experiment

Monthly Malware Statistics: August 2009

Monthly Malware Statistics: July 2009

Rogue anti-spyware on Twitter

Not Kaspersky

Reports

APT trends report Q1 2024

ToddyCat is making holes in your infrastructure

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

HrServ – Previously unknown web shell used in APT attack

Subscribe to our weekly e-mails