Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Misleading Apps Forcing the $$$

Created: 19 Aug 2009 17:08:07 GMT • Updated: 23 Jan 2014 18:33:18 GMT
Sumit Pagey's picture
0 0 Votes
Login to vote

Misleading applications use various techniques such as fake security scans or exaggerated “malware found” reports to scare users to purchase their so-called solutions. To take this to next step, one such example of a misleading app—called “System Security”—is forcing users to purchase it because it can render a system nearly unusable. Once System Security is installed on a machine it terminates most of the active user processes such as Firefox, antivirus programs, Acrobat Reader, and others. Internet Explorer is spared from this list.

imagebrowser image
 

If the user tries to run Task Manager, antivirus software, or any other executable binary except Internet Explorer, this misleading application reports that the respective binary is infected and blocks access.

imagebrowser image

imagebrowser image      

imagebrowser image

imagebrowser image
  
Terminating most of the active processes and blocking users from executing any binary except IE results in this application forcing users to pay for a “subscription.”

imagebrowser image

Even after system reboot, the rogue app takes over the system by terminating other processes and by prohibiting users to terminate it or to execute any other processes except Internet Explorer. As always, we encourage users to download applications directly from vendors’ websites or legitimate partners.

Symantec detects this misleading application as Trojan.Fakeavalert, and advises customers to ensure that their antivirus software and definitions are kept up to date.