::: Welcome to DrayTek MyVigor Website - http://myvigor.draytek.com :::

Fake AV programs are getting more and more

D-SWAT

Fake AV programs have become increasingly over the past two years. Some bad guys use these fake Av programs to make money.

They put fake AV programs on web server that address looks like an official site, ex: office.microsoft.com. Once you download and install these fake AV programs, you will begin to receive warning message that your system has been infected and have to pay for necessary protection. The fake AV program will show that you are using a trial version and need to upgrade to remove virus.

Another kind of situation is through social engineering. Bad guys create a website that looks like a malware scaning site. When you visit to the site, it shows some web pages which look like legitimate screens in Windows operating systems and try to make you believe your computer is infected by malwares.

These fake AV programs sometimes are not only fake AV programs, some of them also contain backdoor program, keylogger or other trojan programs.

VigorPro defends against this threat for your network. Please keep the signature at latest version.

The related AV and AI signatures:

DT-AV:
97744 Trojan.FakeAV-340!DT
97688 Trojan.FakeAV.AS-1!DT
97687 Trojan.FakeAV.AS!DT
97674 Trojan.FakeAV.CO-2!DT
97668 Trojan.FakeAV.CO-1!DT
...etc (totally 70 signatures)

DT-AI:
5327 Fake AV AVPlus D/L
5326 Fake AV IAVPro D/L
5323 Fake AV installpv.exe D/L
5185 Trojan Gemini Fake AV D/L
5158 Fake AV Inst_58s6.exe D/L
...etc (totally 43 signatures)

You can find some fake AV program screenshots on following websites:
http://www.malwarecity.com/blog/focused-malicious-activities-201.html
http://isc.sans.org/diary.html?storyid=7144
http://tjb-ts.blogspot.com/2010/02/fake-av-on-windows.html

The information from DrayTek Corp.

About DrayTek

DrayTek Corp., founded in 1997, is a global provider of comprehensive network security, remote access and VoIP solutions for residential/small office and Small and Medium Enterprises(SME) use. To meet the needs of customers for quality and cost-effectiveness, DrayTek, with technologies integrated with real-time Anti-Virus/Anti-Intrusion system, VPN, VoIP and xDSL broadband access, has successfully delivered total network protection worldwide. For more information, please visit the company's website at http://www.draytek.com.

Press Contact:
DrayTek Marketing Dept.
press@draytek.com