Fake Antivirus programs - also known as Rogue Security software - continue to plague PC users.  Last week, when Microsoft pushed out it’s weekly security patches, the Malicious Software Removal Tool targeted one particular file responsible for most of these extortionist programs, known as FakeSecSen.  Data released by Microsoft indicates that this malware was removed from over 990,000 computers.  Approximately 5 out of every 1000 PCs showed signs of infection.

FakeSecSen has gone by many names, including Vista Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, Antivirus 2009, and several variations of these terms.  These programs pretend to be anti-malware solutions, but in fact they do not really scan PCs, they report finding dozens or hundreds of infections which actually don’t exist, and prove extremely annoying until the users either pay the “upgrade” or “registration” fees or find a way to remove them.  Removal generally requires a genuine anti-malware utility or entails long, complicated manual steps involving registry entries, hidden files, and invisible processes.

Infection often occurs when users visit a compromised web site and click in pop-up windows offering a free security scan or free security software downloads.  Spam emails and even “drive-by” infections are also possible.

It’s nice that Microsoft has addressed this in their most recent patch release, but this is small consolation to those who become infected with this type of malware after last Tuesday, or those who have suffered for months before that.  A good computer / internet security suite such as those offered by Kaspersky Internet Security offer full protection against FakeSecSen and related malware.

Tags: malicious software, Malware, Patch, rogue security software

Author: Christopher

If you heard of maliciously rigged PDF files, then you probably have been waiting for Microsoft to patch this vulnerability that they originally blamed FireFox for back in July. Known attack vectors exist in these applications while used with Internet Explorer 7:

• Mozilla Firefox (2.0.0.5 and lower)
• Skype (3.5.0.238 and lower)
• Adobe Acrobat 8.1
• Miranda 0.7
• Netscape 7.1
• MIRC chat for windows

Back early in October, Microsoft released Security Advisory 943521 about the vulnerability and reports of remote code execution with the promise of a new patch. As of today, the patch is released as security bulletin MS07-061.

Windows XP & Windows 2003 Servers using Internet Explorer 7 should update as soon as possible to this patch.

Tags: Emerging Treats, Patch

Author: Christopher