Home / malwarePDF  

Trojan:JS/FakeSpypro


First posted on 20 July 2010.
Source: SecurityHome

Aliases :

Trojan:JS/FakeSpypro is also known as Trojan.FakeAV.KZQ (BitDefender), Trojan.FakeAV (Ikarus), Mal/FakeAvHm-A (Sophos), Trojan.FakeAV (Symantec).

Explanation :

Trojan:JS/FakeSpypro directs users to webpages that try to deceive visitors into installing a rogue antispyware program called "Antispybase". It is the JavaScript component of the Win32/FakeSpyPro rogue family. Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:

  • Microsoft Security Essentials
  • Windows Live safety scanner
  • For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
    Top

    Trojan:JS/FakeSpypro directs users to webpages that try to deceive visitors into installing a rogue antispyware program called "Antispybase". It is the JavaScript component of the Win32/FakeSpyPro rogue family. Whenever a user visits an infected webpage, the browser will display a page presenting an alleged Internet Explorer warning, for example: "Internet Explorer Warning - visiting this web site may harm your computer! Most likely causes: - The website contains exploits that can launch a malicious code on your computer - Suspicious network activity detected - There might be an active spyware on your computer" The user is ultimately guided to the purchase webpage for the rogue "Antispybase" product.

    Analysis by Dan Nicolescu

    Last update 20 July 2010

     

    TOP