
Rogue:JS/FakeAV


First posted on 29 January 2014.
Source: Microsoft

Aliases:

There are no other names known for Rogue:JS/FakeAV.

Explanation:

Threat behavior

Rogue:JS/FakeAV is a generic detection for a trojan script that tries to download and run rogue security software when you visit a malicious web page and move your mouse cursor over certain graphics or images.

Installation

Rogue:JS/FakeAV does not install locally. However, it can be cached in your temporary Internet files folder after you visit a malicious web page.

Payload

Downloads rogue security software

The trojan script can download rogue security software, including Win32/FakeRean. We have also seen it download other malware, including Win32/Winwebsec.

It generates a dialog box that asks you to run a fake security scan or to download and run fake security software. This software can then further compromise your PC.

The fake scan can look like the following:



The following are some of the dialog boxes that indicate this script has run:









Analysis by Marianne Mallen


Symptoms

The following could indicate that you have this threat on your PC:

  • You see these dialog boxes:








Last update 29 January 2014

 
