1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Fake App Attack: Fake AV Redirect 4

Fake App Attack: Fake AV Redirect 4

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects HTTP redirects and/or web pages which misleading applications use to attempt to lure users into downloading applications which may compromise the target host.

Additional Information

Misleading applications intentionally misrepresent the security status of a computer. Misleading applications attempt to convince the user that he or she must remove potentially malware or security risks (usually nonexistent or fake) from the computer. The application will hold the user hostage by refusing to allow him or her to remove or fix the phantom problems until the 'required' software is purchased and installed. Misleading applications often look convincing - the programs may look like legitimate security programs and often have corresponding websites with user testimonials, lists of features, etc.

Affected

  • Windows

Response

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Delete any values added to the registry.
5. Find and stop the service.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube