TippingPoint Digital Vaccine Laboratories

Filter 5432 also catches VirusProtectPro

After the release of filter 5432: "Spyware: Malicious Anti-Spyware Program Download" in DV 7336, we received reports of another fake anti-spyware program caught by this filter: VirusProtectPro. This brings the total list of fake anti-spyware caught by this one filter to: AntiVermins, MalwareWipe, SpyCrush, SpyDawn, SpyFalcon, SpyHeal, SpywareQuake (aka SpyQuake2), SpywareStrike, VirusBlast, and VirusProtectPro.

This unexpected catch was by design. 5432, like the other fake anti-spyware filters 4082 and 4083, look for general characteristics of the download in order to catch multiple variants and other variants not yet created.

The fake anti-spyware programs are known to exaggerate simple files as being evil or install actual malware and then detect it. They also use deceptive error messages and attempt to intimidate users into purchasing their software in order to remove the malware. Completely uninstalling the fake anti-spyware programs can be difficult.

So, good news for all. Filter 5432 will have its description updated in the next Digital Vaccine release to include VirusProtectPro in the list.

Tags: malware
Published On: 2007-07-17 11:27:17

Comments post a comment

No comments.
Trackback