JS/FakeAlert.B!tr - Released Aug 31, 2009 - Last Updated Sep 10, 2009
Alias/esAdware.Fakealert-560, HTML/FakeAler.ibp.6, HTML/FakeAle.avs.77 | ||||||||||||
Detection Availability
| ||||||||||||
Visible Symptoms
| ||||||||||||
Detailed AnalysisThis detection is for HTML files that display messages that intend to deceive the user into believing that his system is infected with different types of malware. The messages also intend to trick the user into downloading rogue security programs such as Personal Antivirus and Total Security. Technical DetailsWhen the HTML file is first loaded in the user's browser, it displays a message box containing a message that warns the user that the system needs to be scanned for threats. Below is an example of this message:
The behavior of this trojan is the same whether the user clicks the OK or the Cancel button. After the user clicks any of the two buttons, the browser displays a page containing fake information on various numbers of threats found in the computer. These numbers are hard-coded and do not correspond to actual threats. When the user closes the browser window, it displays another message box containing a message that a security program is required to repair the computer. As of this writing, Personal Antivirus and Total Security are the names of the rogue security programs that are mentioned. Below is an example of this message:
The user is not given any other option other than the OK button. After clicking this button, the trojan downloads the rogue security program. | ||||||||||||
Recommended Action
|
Reference: ID - 1014569
