Fake Microsoft AntiSpyware Site Aims For Credit Card Numbers

First there was Fake Steve Jobs. Now there's a fake Microsoft AntiSpyware Center.

In a post on McAfee's Avert Labs blog, security researcher Rahul Mohandas details the latest trend in social engineering and cynical branding: In order to dupe computer users into installing adware and spyware, malware creators simply call their product AntiSpyware.

"This Fake Microsoft AntiSpyware Center page purports to be an 'Online Security Scanner' which scans the system for viruses and spywares," said Mohandas. "After the dupery scanning, the user will be presented with a dubious and falsified list of Trojans after which the user will be prompted to download and install an ActiveX Control to remove the threats."

As it turns out, the ActiveX Control is a Trojan that hijacks Internet Explorer's home page, displays phony alerts and makes wild security threats in order to encourage the site's visitors to download AntiSpyStorm.

Once installed, AntiSpyStorm offers a free security scan, which reports exaggerated threats to prompt the user to enter a credit card number and order the full version of the product.

The full version of the software isn't really worth anything, according to Dave Marcus, Security Research and Communications Manager for McAfee Avert Labs. The scans it provides just aren't accurate, he said.

"It's really just an attempt to get you to enter your credit card information," he said.

Marcus said that this sort of spoofing is becoming more common. "Truthfully, this isn't a new technique but we are running across it more and more lately," he said. "Any brand that has a lot of awareness associated with it makes a good lure."

According to Mohandas, Avert has identified hundreds, if not thousands, of rogue applications such as AntiSpyware with names like SystemDoctor and AntiSpyStorm.