Malicious third parties are imitating the look of Microsoft Security Essentials, a free anti-malware program distributed by Microsoft, to trick users into installing dangerous malware that will corrupt the user’s system, according to a report on the company’s Windows Team Blog.
Microsoft Security Essentials will scan a computer to find viruses and other malware that can do harm to a user’s computer. But an infection called “Win32/FakePAV” is passing itself off as Microsoft’s program and enticing users into downloading, installing and then running the application. The Windows blog reported:
This fake software is distributed by a tactic commonly described as a “drive-by download” and shows up as a hotfix.exe or as an mstsc.exe file. Additionally, after the fake Microsoft Security Essentials software reports it cannot clean the claimed malware infection, it offers to install additional antimalware rogues (with names such as AntiSpySafeguard, Major Defense Kit, Peak Protection, Pest Detector and Red Cross). Lastly, this fake program will try to scare you into purchasing a product.
To protect yourself, first install a real and safe anti-malware program, such as the genuine Microsoft Security Essentials or another trusted program, and be sure to download it from a trusted site. If you already have a security program installed, update it to ensure that you are protected against this attack.
The Windows Team Blog has a detailed look at how FakePAV works and how it tricks many users into infecting their systems.
To summarize, the infection looks for certain programs like the Windows Registry Editor, Internet Explorer, Windows Restore and other built-in Windows utilities. When it sees one of these programs being run, it shows a warning screen and blocks the application from running.
The warning looks very much like a Microsoft Security Essentials warning, including a detailed description when “Show details >>” is clicked. The program then says it cannot clean the infection after you click on either the “Clean computer” or the “Apply actions” button. It asks you to “Scan online” and shows a list of fake antivirus applications. If you click on one of them, it will act as if it is cleaning your system of the infection by installing another application. Eventually it scares you into paying for one of these fake security programs.
The good news is that using Microsoft Security Essentials will remove the problem. This is a decent free application that does not bog down a system’s resources like some other anti-malware applications. Always remember that Microsoft Security Essentials will never ask you to download additional software other than routine updates, which are downloaded through Windows Update and a third-party program.
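The file names quoted above (hotfix.exe and mstsc.exe) can be used for a quick triage of running processes. The PowerShell below is an added example, not code from the Windows Team Blog or from Microsoft; it assumes that a genuine mstsc.exe (the Remote Desktop client) runs only from the System32 or SysWOW64 directory and that a process with either name running from elsewhere, or without a valid signature, deserves a closer look.

```powershell
# Added example: triage of running processes that use the file names
# reported for Win32/FakePAV. Not a replacement for an anti-malware scan.
$suspectNames = @('hotfix.exe', 'mstsc.exe')   # names quoted in the article
$trustedDirs  = @(                              # assumption: only legitimate locations for mstsc.exe
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

$findings = foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    # -notcontains compares strings case-insensitively
    if ($suspectNames -notcontains $proc.Name) { continue }

    $path = $proc.ExecutablePath
    if (-not $path) {
        # The image path is hidden when the query lacks rights; rerun elevated.
        [pscustomobject]@{
            ProcessId = $proc.ProcessId; Name = $proc.Name; Path = '<unavailable>'
            InTrustedDir = $false; Signature = 'Unknown'; Signer = $null
        }
        continue
    }

    $dir = Split-Path -Path $path -Parent
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        ProcessId    = $proc.ProcessId
        Name         = $proc.Name
        Path         = $path
        InTrustedDir = ($trustedDirs -contains $dir)
        # Older Windows/PowerShell versions may report catalog-signed system
        # files as NotSigned, so read this column together with the path.
        Signature    = $sig.Status
        Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Show only the processes that fail the path check or the signature check.
$findings |
    Where-Object { -not $_.InTrustedDir -or $_.Signature -ne 'Valid' } |
    Format-Table -AutoSize
```

An empty result means no running process with those names failed either check; it does not prove the system is clean.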