I have seen many, many applications masquerade themselves as legitimate Anti-Virus software.
Today I saw another version of a Fake online AV scanner
Normally, FakeAV comes as an executable, which in turn downloads its other components. Then the executable starts “scanning” your computer and picks up abut half a million or so threats. All very simple.
The page starts by giving me the following message:
Clicking “OK” brought me to the home page of the Fake Antivirus software, where it pretended to do a full system scan on my computer. Notice that the web page is complete with folder icons and drive information and even a security guarantee
As you can see, its very similar to the “desktop” version of such FakeAVs.
Indeed, once it finishes scanning, I get a full spiel of what’s wrong with my computer, along with a final warning to not navigate away from this page, when I try to close the window.
Clicking on “start protection” on the bottom right of the page prompted me to download the FakeAV executable, the master key to all doors and the solution to all my problems ;-)
We detect this malware as Troj/FakeAV-BLW.