Mar 10

Threat Description:

Smart Security (also known as SmartSecurity) is a fake anti-spyware program that continues the malicious job started by Security Tool – its direct precursor. Apparently, Smart Security has been released to bring its creators some commercial gain by tricking people. It installs covertly, using trojans that exploit vulnerable spots of the potential host operating system. Smart Security’s intrusion typically escapes the user’s attention because it all takes place in the background. Once inside, Smart Security makes certain system changes, such as Windows Registry modifications and the creation of new corrupt files on the system. These changes let Smart Security take over your system. It makes your PC run its junk executables, which turn out to outrank the rest of your system processes. The ‘fun part’ begins with the multiple popup ads and security scanners displayed by Smart Security, stating that you have serious malware issues and need to get them corrected.

Mar 09

Threat Description:

Whenever you happen to encounter the computer program called Antivirus 7 (alias Antivirus7), we highly recommend that you stay clear of it: do not download it, and do not click any of its popup ads. Antivirus 7 is actually a scareware system buster that attacks computers stealthily and deliberately makes the infected PCs act up. This bad program displays loads of hectic popup alerts and runs scanners that impersonate a computer check for viruses and other potentially unwanted applications. All these warning messages appear out of the blue and notify you about risks that have supposedly been detected on your machine. It’s important to realize, though, that Antivirus 7 makes up all of its malware detection reports for one basic purpose – to trick you out of your money. Indeed, Antivirus 7 first claims to have found something suspicious on your computer and then tells you that you need to register its full version to tackle all these issues, which are in fact non-existent and should not be taken at face value.

Mar 09

Threat Description:

Trojan.Makplu.A (alias Trojan.Makplu) is one of the numerous dreadful threats roaming the Internet to find new victims and badly damage their computers in case of successful intrusion. Trojan.Makplu.A usually comes as a hidden component of various files downloadable from different unsafe web sources. On infiltrating your operating system, Trojan.Makplu.A uses its process ‘Spoolc.exe’ to take over your machine. Your computer is then sure to start acting up. This activity is discernible through slower system functioning, Internet connection problems and possible browser hijacking. Trojan.Makplu.A is additionally prone to triggering ads that mislead you in various ways into clicking them and consequently letting other malware inside unknowingly. Also, chances are this parasite opens a backdoor for computer crooks to get unimpeded access to your system. So it doesn’t only jeopardize your computer’s functioning, it also poses a potential threat to your own privacy.

Mar 09

Threat Description:

Vista Internet Security 2010 is a piece of malware that has been spreading through the web notably fast during this month. The application is in fact rogue anti-spyware, which means it is not what it claims to be; it is the opposite. It belongs to the same family as Vista Antivirus Pro 2010. A major part of what makes Vista Internet Security 2010 dangerous is its backdoor infiltration methods. It literally sneaks into the depth of one’s system without letting the user know. This kind of intrusion relies on trojans, whose part of the ‘mission’ is to spot and exploit vulnerabilities of the to-be host. Now, let us list the most common symptoms of Vista Internet Security 2010 residing inside one’s OS. These are: Registry and file modifications, deterioration of system performance and, of course, the fake scanners and phony popup alerts that are an integral attribute of any scareware campaign.

Mar 09

Threat Description:

Win 7 Internet Security 2010 is a sample of rogue anti-spyware at its worst. This unsafe program infects Windows 7 based operating systems that turn out to be incapable of resisting the attack of a trojan downloader carrying the dangerous load of the scam software in question. Win 7 Internet Security 2010 adds some registry keys that subsequently compel the compromised system to execute the associated corrupt process known as ‘Av.exe’. Once this is done, every boot of your system will be followed by an automatically launched alleged security scanner that pops up regardless of whether the user likes it or not. This scan mimics a virus check on your PC and reports tons of infections when it finishes. Then, Win 7 Internet Security 2010 urges its victims to purchase its full version by clicking on the ‘Registration’ button. In that case, people get rerouted to the Win 7 Internet Security 2010 official site, which appears to be tied to the billing (payment) system serving this scareware campaign.

Mar 08

Threat Description:

Pc-windows-live.com is a browser hijacker that serves to distribute the payload of the XP Antivirus Pro 2010 rogue security program. Interestingly, Pc-windows-live.com, if accessed from a random computer, returns a web page dedicated to software called Windows Defender 2010, which is in fact the general name for a whole family of scareware tools and does not really exist. Below is a screenshot of the Pc-windows-live.com site that we made on our lab computer after we had infected it with XP Antivirus Pro 2010 malware. As you can see, it has an identical design but promotes a different program than if you visit it directly. This trick is a result of the malware’s interference with your HOSTS file and some other system settings, the browser configuration in the first place. So the only case when you hit Pc-windows-live.com is after a browser redirect implemented by rogue anti-spyware which evidently resides on your workstation, perhaps without you even being aware of it.

Mar 08

Threat Description:

Salebogs.com is all about making a PC user think he/she has got tons of security problems. This site is by all means hazardous, as it contains a rogueware downloader and is full of trojans. Virus Protector is the program being promoted by Salebogs.com; the online scan that runs there ends by recommending that the victim download and execute an allegedly helpful antivirus tool. Internet traffic is driven to Salebogs.com through blackhat SEO, which means hackers try to trick people into clicking some attractive ad or opening an attachment to an email from an unknown insecure source. Either way, one hits Salebogs.com unknowingly and probably unwillingly. You can check out what Salebogs.com is like by taking a quick look at the screenshot we made of it. It’s obvious that Salebogs.com tries to trade on its similarity to the My Computer interface of Windows OS. That look-alike page is not what it seems, though. Salebogs.com is a pre-designed HTML script which is programmed to always display the same animation. So it doesn’t perform any sort of virus check for real.

Mar 08

Threat Description:

The structure of the Spywaredetect24pro.com domain name is probably meant to imply that it provides malware detection help 24×7. Well, unfortunately it’s not so. Spywaredetect24pro.com is a fraudulent website that is directly related to the distribution of hazardous malware; to be more specific, it is pushing the Antivirus Live 2010 rogue anti-spyware application. Spywaredetect24pro.com does not pose a threat in isolation; it’s one of several variations of the Antivirus Live 2010 home site. However, there have been multiple occasions when the site in question got visited as a result of browser rerouting based on trojan-assisted interference with one’s HOSTS file and considerably altered browser settings. If that’s the case, Spywaredetect24pro.com is quite annoying, as it will keep appearing instead of whatever site you feel like visiting. Spywaredetect24pro.com offers the Antivirus Live 2010 payload option, so it’s apparently integrated with the scam payment network of this scareware program.

Mar 08

Threat Description:

Spydetector2009.com is a website designed especially to provide online support for the scareware campaign of the Antivirus Live 2010 threat. Actually, Spydetector2009.com alone is not dangerous to visit. It contains no malicious scripts or trojans. The site under analysis is integrated with the Antivirus Live 2010 fraudulent billing system, which means people can purchase the rogue product there. Things probably get worse if your browser is being forcibly redirected to Spydetector2009.com for no apparent reason. In that case, there is some trojan cleaning job that you should perform. Trojans can hijack one’s web browser (this mostly refers to Internet Explorer, which is quite vulnerable to such attacks). As a result of this hijacking activity, you will realize that something is amiss because Spydetector2009.com will keep popping up, replacing the sites you actually wanted to visit. This malady is quite annoying, one must remark.

Mar 07

Threat Description:

Antivir-Labs.com is a parasitic site designed by computer criminals who seek new victims to lure into a scareware trap. If you venture to visit Antivir-Labs.com (which is NOT advised), you will realize how intricate and obtrusive it is. It’s much safer to check out what Antivir-Labs.com is like by taking a look at our screenshot in this post. On our lab workstation, we waited for the fake scanner on Antivir-Labs.com to finish and then downloaded the suggested file. A couple of moments later, we realized we had got rogue anti-spyware onto our PC. It’s called Security Tool and is one disgusting piece of malware. So, as you can see, Antivir-Labs.com is a pretty short way to get your computer severely contaminated. Let’s now analyze how people get to visit Antivir-Labs.com. It’s clear that no sane person would deliberately hit a scam domain like that. It’s trojan viruses that generate all the illegal traffic to Antivir-Labs.com.