Security Bytes

Aug 10 2011   2:25PM GMT

Patch Tuesday update blocks dangerous Trojan



Posted by: Robert Westervelt
Tags:
Rogue Antivirus
scareware
SEO attacks

The update to the Microsoft Malicious Software Removal Tool (MSRT) includes the removal of FakeSysdef, a pesky Trojan that poses as a system performance tool.

Microsoft has bolstered its Malicious Software Removal Tool this month to include a signature that detects and removes FakeSysdef, a Trojan that has been successfully tricking people by posing as a system performance tool. According to engineers at Microsoft’s Malware Protection Center blog, the Trojan masqueraded as a program called System Defragmenter last December. It’s also surfaced under different names including Scan Disk and Check Disk.

Victims run across the program in poisoned search engine results. As Microsoft explains, the malware spread fairly easily thanks to the multitude of exploit toolkits that have search engine poisoning built in as a feature.

Creators of the Trojan and rogue security software are notorious for using exploit kits and “search result poisoning”, or Black SEO, to launch installers of their malware. For example, malware creators could use an image search poisoning scheme to deliver poisoned search results to users that search for a photo of a popular or public person. When opening a (malicious) returned search results page, the user could become infected by way of a drive-by download that executes

The bad news for victims is that the Trojan can be really pesky. If the message to purchase performance improvements is ignored, the malware “reboots the machine repeatedly until they activate the fake fix.”

FakeSysdef is very much like rogue antivirus programs, which latch onto potential victims by poisoning search engine results. We’ve been keeping track of the highs and lows of rogue antivirus. Brian Krebs of KrebsonSecurity reported last month that international law enforcement was making some headway against Russian cybercriminal gangs peddling rogue antivirus.

There’s no doubt that the game of whack-a-mole will continue in this area.
