Virus Duplicates Microsoft Security Essentials Alert

A Trojan virus can appear to potential victims as legitimate software. One technique used by propagators of Trojan viruses is to sneak in wearing the cloak of security or antivirus software. The Trojan virus then attempts to lure the victim into the scam, step by step, using fear as the motivator. Even though it's tinged with irony, one circulating Trojan virus scam comes cloaked under the guise of a Microsoft Security Essentials alert. This fake alert duplicates Microsoft Security Essentials and attempts to deceive the victim into thinking that the software giant's free malware-detection software is protecting them from malware.

The virus displays a screen that deceives the user into thinking he or she is accessing a valid Microsoft Security Essentials alert interface. It warns of "Potential Threat Details" and shows that it has detected a virus with the name "Unknown Win32/Trojan." The fake alert then advises the victim that "Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action."

Fake warnings this Trojan might display include an alert level of "Severe" and a "Remove" recommendation. The Microsoft Security Essentials alert then gives the user options via display buttons that read, "Show details," "Clean computer," "Apply actions" and "Close." The interface closely mimics the real software's appearance.

If the victim of this scareware tactic clicks "Clean computer," the click activates a message that additional measures will be needed to remove the Trojan virus, and urges the user to click "Scan Online." That's when the malware is installed onto the person's computer.

This is when the plot thickens. The Trojan next directs the user to a malware website that deceives the victim into believing that an online scan is necessary. Once a user clicks that link, the victim is redirected to a website listing around three-dozen different antivirus software applications. Sprinkled among those that are legitimate are five fake antivirus applications. These are named Peak Protection 2010, Major Defense Kit, Red Cross Antivirus, Pest Detector 4.1 and AntiSpy Safeguard. If the person takes advantage of the "Free Install" for these applications, he or she will actually be installing fake antivirus software, as all five are the same virus.

Here's the kicker: Each of the five fake antivirus applications using the fake Microsoft Security Essentials Alert will produce false positives, duping the person into believing that the product is actually hard at work finding active threats. In actuality, the supposedly helpful software is a virus. The malware will then confront the user will with messages such as, "Warning! Database updated failed!" or "Warning! Running trial version!" Next, it will urge the person to click another link that will direct the victim to a website urging them to purchase the full version of the software for better protection against malware threats.
Those who have unknowingly installed the Microsoft Security Essentials alert virus onto their personal computers should use appropriate malware removal software to get rid of the virus. A free malware-removal tool is available from Microsoft at < http://www.microsoft.com/security/pc-security/malware-removal.aspx>.

At TopTenREVIEWS We Do the Research So You Don’t Have To.™