Microsoft has warned users of the fake antivirus program known as Security Essentials 2010 which is quite similar to Microsoft’s security protection software. The programs contain a trojan Win32/Fakeinit. If the user installs the fake antivirus program, it downloads and installs a fake scanner component that monitors other processes and attempts to terminate them.
According to David Wood at Microsoft’s Security:
Well, it had to happen eventually. One of the oldest tricks used by rogue antivirus products is to use a similar name as, or have a similar look and feel to, legitimate security software. It’s been commonplace for them to mimic the Windows Security Center. So it was inevitable that the day would arrive when a rogue would masquerade as something similar to Microsoft Security Essentials. If anything, it surprises me a little that it’s taken so long.
The program looks something like this:
When the program is installed, the trojan changes the desktop background to a warning message which says “Your System is Infected”. It even changes the registry entries so you cannot change the desktop background back to normal.
Microsoft says that the original Security Essentials 2010 has detected the trojan and can remove it. Microsoft Security Essentials 2010 is a free software which can be downloaded directly from Microsoft’s site without any charge.
Other then that, it downloads and installs Win32/Alureon component and another LSP, Layered Service Provider, which is detected as a trojan itself. What this trojan do is it monitors the TCP traffic sent by various web browsers installed by the user and restrict traffic to certain domains.
The fake program also asks the users to pay for the subscription and activate it if they want to use the “Full version” of the software.
The original Microsoft Security Essentials 2010 is free and can be download from the links given below:
Download : Windows XP (32-bit)
Download : Windows Vista & Windows 7 (32-bit)
Download : Windows Vista & Windows 7 (64-bit)