I have seen Fake Anti Virus software before. In fact, SophosLabs have been seeing them in various of different forms, like 2.
What stood out about today’s sample (Protection System), was how easily it seems to have been created. Virus names are stolen, messages and detection info are hard-coded and even the website has the *same* virus names which are hard-coded into the malware. Here are some screenshots
Notice the Virus names in IDA. This is the same list of fake alerts that the malware displays upon “scanning” the computer.
Even the website has the same list of threats!!
Either the author was too lazy to include more malware names (and descriptions) in the malware, or this is one seriously limited AntiVirus solution. It can only protect the computer against a basic list of 10-12 threats ;-).
This malware is detected by Sophos as Troj/FakeAV-TU.