Panda Security’s August 7, 2009 Report on Viruses and Intruders

Courtesy of Panda Security. Panda Security’s weekly report on viruses and intruders.

This week’s PandaLabs report looks at the Lineage.LAS worm and the SecretService fake antivirus.

The Lineage.LAS worm spreads through mapped drives. It copies itself to several folders and downloads a malicious file. It also creates a file called Autorun.inf which allows it to run every time the user opens a folder.

Additionally, it modifies the Windows registry to run on every system restart. One of the malicious actions the worm carries out on infected computers is to prevent users from viewing hidden files and folders.
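A defender can audit the roots of mapped drives for the Autorun.inf file described above and list the programs it would launch. The following is an added example, not part of the Panda Security report; the sample file content and the name `example.exe` are constructed, and `open`, `shellexecute` and `shell\<verb>\command` are the standard autorun.inf launch keys rather than details taken from the report.

```python
import os
import re

# Standard [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def audit_autorun(text):
    """Return (key, command) pairs for each launch directive in [autorun]."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk padding, or a key in another section
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEYS.match(key):
            findings.append((key.lower(), value))
    return findings

def scan_roots(roots):
    """Audit the autorun.inf (any letter case) at the top of each root."""
    report = {}
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue  # drive not mapped or not readable
        for name in names:
            if name.lower() == "autorun.inf":
                path = os.path.join(root, name)
                with open(path, encoding="latin-1") as fh:
                    hits = audit_autorun(fh.read())
                if hits:
                    report[root] = hits
    return report

# Constructed sample; example.exe is a placeholder, not a name from the report.
SAMPLE = """;x8f2 junk line
[AutoRun]
open=example.exe
shell\\open\\Command = example.exe
icon=folder.ico
qq71zz
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    print(audit_autorun(SAMPLE))
```

Pass `scan_roots` the drive letters or share paths to check; any root it reports has an Autorun.inf that starts a program and should be inspected.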

SecretService is yet another example of the now widely spread fake antiviruses. This malicious code tries to trick users into believing their computer is infected. To do this, it generates numerous junk files, and offers users the possibility of buying an antivirus solution through an online transaction to remove them. This way, it steals users’ credit card details.

SecretService carries out a fake computer scan, displaying an undetermined number of problems, and offers users the possibility of installing security software.

Once installed, SecretService’s interface looks very similar to that of traditional antiviruses, even displaying the Windows Security Center page.

SecretService can also display fake warnings reporting malicious files, registry errors, etc.

These warnings are accompanied by a very characteristic sound. Other actions it carries out to make users believe they are infected include modifying the computer wallpaper.

To make the program look more authentic, it inserts an icon in the browser taskbar.

Finally, it displays a screen which requires the software to be upgraded to its paid version in order to eliminate all threats. If users then enter their banking details, those details are stolen.

This fake antivirus reaches computers when users access a malicious web page and agree to install the program.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on Twitter and the PandaLabs blog.
