FakeAV Uses False “Microsoft Security Updates”

Today at SophosLabs we encountered another interesting rogue security software (Fake AV) variant, Troj/FakeAv-AUF. When run, Troj/FakeAv-AUF poses as the Windows Automatic Update facility and purports to install an update named XP Internet Security.

This is, as you will have guessed by now, not a genuine Windows security update. It is malware that redirects you from the Windows Security Center to the Fake AV interface and then presents you with false scan results that claim to have located malware on your machine. Rather a lot of malware, as you can see from the picture below.

FakeAV malware employs a variety of tricks [2,3] and uses social engineering websites in order to lure the innocent into its trap.

With the large revenue to be earned by the authors of such malware, Sophos expects that more and more FakeAV trickery will be discovered in the near future.