Web security researchers at the University of Alabama following the exploits of the Koobface worm have discovered how the worm, which spreads via spam messages on Facebook and other social networking sites, makes money for its malware masters.
Security researcher Gary Warner detailed on his blog yesterday how a PC infected with Koobface will prompt the user to download and purchase a fake antivirus product, also known as scareware or rogueware. In Warner's case, the version was called PC AntiSpyWare 2010.
According to McAfee, one of the major antivirus companies, the 2010 batch of AV products hasn't made it to market yet, so users who come across a 2010 AV product are most likely being sold a fake product.
PC AntiSpyware 2010 even advertises itself by warning users about spyware that is not detected by antivirus products "because they are disguised as legitimate software installed with the user's consent."
As McAfee researcher Dirk Kollberg wrote on the McAfee Avert labs blog, PC AntiSpyWare 2010 is a "perfect example" of cybercriminals disguising a malicious product as legitimate software.
Koobface worm spreading phony ‘PC AntiSpyWare 2010′ antivirus
Source MX Logic Security News,
Filed under Security News
Tagged as 2010, AntiSpyWare, antivirus, fake, Koobface, worm
Tagged as 2010, AntiSpyWare, antivirus, fake, Koobface, worm