21 August 2010
New tricks malware use to catch you off-guard
Malware getting more advanced using new tricks
Malware has been using social engineering to do damage to computers for some time now. The latest trick these virus authors are trying to pull is convincing the user to remove their current antivirus software. Those who suspect they may have downloaded this Trojan should think twice, as executing the file will have very detrimental results.
The Anvi Antivirus, which is actually another variant of FakeAV, first displays a pop-up message that plainly tells the unsuspecting user that their antivirus is “uncertified” and that it will begin by uninstalling their native antivirus. Of course, it offers only one option, pressing “OK”, and it will continue to run the uninstaller even if the user presses the “X” button to close the message.
Like much other malware, it is designed to make your current antivirus inoperable so that it can do its evil work. For example, the Conficker worm disables security updates and tries to turn active security software off. This new variant of malware is a Trojan that uses clever social engineering to convince users to uninstall their native antivirus software and install the attackers' own antivirus software. Sadly, that antivirus software, which is a clone of legitimate antivirus software, doesn’t do its job. If you are using Symantec’s antivirus, Spyware Doctor, ZoneAlarm, AVG antivirus, or Microsoft Security Essentials, their uninstallers will automatically run.
Your security software should be able to detect this Trojan and block its advance even before it tries to wreak havoc on your system. If your virus definitions are not updated, it is very possible that you are susceptible to this kind of attack.
If the Trojan manages to download the bogus antivirus software and run it, it will try to convince the user that their computer is infected with other “imaginary” threats and try to lure the user into buying other software that will make the situation even worse.
Not only will the user’s computer be infected, but the user will also lose money if tricked into purchasing useless software.
That is why users should stick to antivirus products they know. It may be true that two antivirus suites on the same computer will conflict with each other, but uninstalling your antivirus in favour of another one may not be the best course of action.
It would be better to always keep your existing antivirus program updated and run regular scans. A little research on new antivirus products would be good too. If you have read this article and encounter the Trojan, don’t uninstall your antivirus! Instead, update your antivirus and wipe that Trojan off the map!