Another Fakealert variant is effecting our user base.

Passing itself off as the usual “mediatubecodec_ver1.1277.0.exe” (do not run this file — it really does not deliver useful codec components for playing videos), this downloader connects back to hxxp://xpantivirussecurity.com, and drops files like “1.exe” that deliver scary popups to alarm our users with false malware detections in an effort to coerce them into paying for a product that they don’t need. Unfortunately, detection has been spotty, with some heuristics performing effectively.

This entry was posted on Tuesday, June 24th, 2008 at 9:34 am and is filed under FakeAlert, Rogueware, Social Engineering, Undetected malware. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.