Security Response

Misleading Applications Supposedly Reselling Popular Software Titles

Created: 27 Apr 2009 15:46:11 GMT • Updated: 23 Jan 2014 18:35:37 GMT
Sumit Pagey

Misleading applications, also known as rogue antispyware applications, use various techniques such as misleading task bar notifications, pop-up windows, and fake security scans to scare users into believing they need to purchase the “protection” offered by the misleading apps. We have observed a new technique being used by misleading applications, one that involves asking users to pay for software from popular vendors.

As is typical with misleading applications, a fake security warning is initially displayed when the application is executed:

Then, a fake system scan is conducted and non-existent threats are reported on the system:

However, instead of the misleading application promoting its own application for purchase, a pop-up window attempts to sell other popular security programs:

Below are some of the software titles promoted by these rogue applications:

•    Norton 360
•    Norton AV 09
•    Norton IS 09
•    Norton SW 12
•    MS Office Enterprise 2007
•    MS Office Ultimate 2007
•    MS Windows Vista Business
•    Adobe Photoshop CS4
•    Adobe Acrobat 9 Pro

And, the following are screencaps from the online website:


Our attempts to purchase the software did not result in the software being delivered, so the ultimate motivation of the misleading application isn’t entirely clear. The miscreants could be selling pirated software at a profit or just gathering credit card numbers for potential resale in the underground economy.

Nevertheless, as always, we encourage users to download applications directly from the vendor's website or legitimate partners. Symantec detects this misleading application as SpywareGuard2008, and advises customers to ensure that their antivirus software and definitions are kept up to date.