
12/12/2011

[Information] XP Antispyware 2012, A steady fake Anti-Virus SW

1. Information


XP Antispyware, one of the most prominent fake anti-virus programs, has begun an aggressive push ahead of 2012. The new version is named "XP Antispyware 2012" and is, unfortunately, optimized to induce payment.
As it does every year, this fake anti-virus has returned with a new release around the turn of the year. Users therefore need to be careful when downloading applications and should not let themselves be induced to pay.



2. Spreading path and symptoms of infection

This fake anti-virus program spreads mainly through SNS, e-mail attachments, and web sites that are exposed to certain vulnerabilities. XP Antispyware is also updated constantly.



Its well-organized interface and fake infection report can induce users to pay.
Once a user is infected by this fake anti-virus, normal use of the PC and removal of the program become difficult.
Once infected, you will see the following screen.



It shows the user a fake infection report and then a registration window. This induces the user to pay.



The payment window looks very polished; however, the "DOWNLOAD" and "SUPPORT" menus do not work.
The fake anti-virus can even block Internet Explorer.


IE doesn't work!

Not only Internet Explorer but also cmd.exe and regedit.exe are blocked by this fake anti-virus's "firewall".
That window appears because the fake anti-virus's executable file has been inserted into the Shell -> open command in the registry.
General users may find this difficult, because treatment requires several complex steps, including removing registry entries and processes.
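
One way to check for the registry change described above, as an added example that is not from the original post: this Python sketch audits the text of a registry export for .exe handlers whose Shell -> open command no longer simply runs the clicked file. The class roots checked and the constructed sample export (placeholder class name and path) are assumptions, since the post does not name the exact keys.

```python
import re

EXPECTED = '"%1" %*'  # stock Windows handler: just run the clicked file
# Assumption: class roots worth checking; the post does not name exact keys.
ROOTS = (r'HKEY_CLASSES_ROOT', r'HKEY_CURRENT_USER\Software\Classes',
         r'HKEY_LOCAL_MACHINE\SOFTWARE\Classes')

# Constructed sample export; class name and path are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholder_class"

[HKEY_CURRENT_USER\Software\Classes\placeholder_class\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\placeholder.exe\" -a \"%1\" %*"
'''

def parse_defaults(reg_text):
    """Map each key (lower-cased) in .reg export text to its default (@) value."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'^@="(.*)"$', line)):
            # Undo .reg escaping: \\ becomes \ and \" becomes "
            defaults[key] = re.sub(r'\\(.)', r'\1', m.group(1))
    return defaults

def audit_exe_handler(reg_text):
    """Return findings where launching an .exe would not simply run that file."""
    defaults, findings = parse_defaults(reg_text), []
    for root in ROOTS:
        base = root.lower()
        progid = defaults.get(base + r'\.exe', 'exefile')
        if progid.lower() != 'exefile':
            findings.append((root, '.exe class redirected', progid))
        for cls in sorted({'.exe', 'exefile', progid.lower()}):
            cmd = defaults.get('\\'.join((base, cls, 'shell', 'open', 'command')))
            if cmd is not None and cmd != EXPECTED:
                findings.append((root, cls + r'\shell\open\command', cmd))
    return findings

if __name__ == '__main__':
    for finding in audit_exe_handler(SAMPLE):
        print(finding)
```

Real `reg export` output is UTF-16, so decode the file before passing its text to `audit_exe_handler`.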
The following is another fake anti-virus, disguised as Kaspersky's "Internet Security".



Both the file name and the program are disguised as Kaspersky's.

3. How to prevent

Needless to say, the ultimate purpose of malicious programs is money. We make every effort against such fraud.
To use your PC safely from the security threats of these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.
5. Scan downloaded files with anti-virus software before executing them.

INCA Internet (Security Response Center / Emergency Response Team) operates a response system against various security threats.
