Microsoft Security Essentials is fake. Well, it is and it isn’t. Microsoft Security Essentials is a free antimalware protection program from Microsoft, but a new malware threat identified by security software vendor F-Secure is also masquerading as Microsoft Security Essentials. You want to avoid that one.
The new malware attack is distributed through a drive-by download as either hotfix.exe or mstsc.exe–both reasonably benign and almost legitimate sounding file names that might not raise red flags with some users.
The “alert” from the threat steals the Microsoft Security Essentials brand, including the little blue fortified castle icon. The software then displays a seemingly comprehensive list of antimalware solutions–including all of the top names that users are familiar with such as Trend Micro, McAfee, Panda, and Symantec– and identifies those that are capable of detecting and blocking this nefarious threat.
The F-Secure blog explains, “Surprisingly, the only products that seem to be capable of handling the infection are AntiSpySafeguard, Major Defense Kit, Peak Protection, Pest Detector and Red Cross. Never heard of these? No wonder. They are all fake products.”
The attackers are counting on users being naïve enough to take the bait and agree to be “saved” by purchasing one of these awesome antimalware tools to help eradicate the threat. But, since these are all rogue antivirus programs what you really end up with is some sort of Trojan that opens the system up to further malware compromise and exploit.
Don’t get confused, though. As mentioned above, Microsoft Security Essentials is a legitimate antimalware application as well. It is offered for free by Microsoft, and is in fact a very capable defense against malware. Microsoft just recently expanded the availability of Microsoft Security Essentials to small businesses as well–making it free to install on up to ten PCs.
I must say, though, that I have never understood how anyone falls for rogue antivirus attacks. It seems to me that users should know whether or not they have some sort of malware protection installed, and if so which software it is. If no antimalware is installed, or if the fake alert is apparently from a program other than the one that is installed–why would anyone take it seriously?
Did magic antimalware fairies stop by in the night and install this new beneficent tool? And, doesn’t it seem at all suspicious that this strange antimalware detection is capable of scanning the PC and identifying this new threat, but invites you to purchase something else to actually deal with the problem?
F-Secure detects this new rogue Microsoft Security Essentials threat as Trojan.Generic.KDV.47643.