Fake Anti-Virus software: Writing is on the Desktop

One of the techniques used by fake anti-virus applications is to not only display annoying popup messages (eg. “Attention! System detected a potentional hazard (TrojanSPM/LX)”), but this piece of malware goes further. It also changes your Windows wallpaper as shown below.

In this case, the Windows desktop wallpaper (default Windows desktop background image) gets changed prior to all other fake messages. After that, this malware waits for a few minutes, and starts displaying windows popups in the form of small balloons with the usual prompts and messages of “starting scan” and throwing out classical fake “Scanning for threats” messages. These messages are naturally followed by more prompts that to remove these spyware, you need to visit their website.

There is no point in scrutinizing the text, but a few things probably deserve attention. As was mentioned above – the message contains an inordinate amount of grammatical errors (the text could have been translated via a translation engine) with ones and zeroes in the background.

Yeah, its only ones and zeroes, but the malware authors in this case clearly want to obtain your “real” money for “fake” spyware messages.

Sophos detects this piece of malware as Troj/DwnLdr-HVB.