
Microsoft warns of fake virus alert hitting Windows users

20 Aug 2014
Bogus alert messages besieging Windows users

Microsoft has uncovered a fresh wave of malware campaigns that block web users from surfing the internet using bogus threat alert messages.

Microsoft antivirus researcher Daniel Chipiristeanu discovered the campaigns while investigating rogue antivirus infection rates.

"Lately we're seeing a dropping trend in the telemetry for some of the once most-prevalent rogue [antivirus] families, such as Win32/Winwebsec, Win32/OneScan, Win32/FakeXPA, Win32/FakePAV," he said in a blog post.

"However, since the big malware ‘players’ are having more trouble in taking advantage of users paying for fake security products, and are moving away from this kind of social engineering, we are seeing other players willing to fill the gap."

Chipiristeanu highlighted one of the campaigns as particularly malicious, as it uses fake antivirus malware to hamper its victims' ability to browse the internet.

"In the past we've regularly seen rogues use the hosts file [sic] to block access to a legitimate security product's websites to deny users protection against the threat," read the post.

"Rogue:Win32/Defru has a different and simpler approach on how to trick the user and monetise on it. Basically, it prevents the user from using the internet by showing a fake scan when using different websites."
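The hosts-file hijack the post refers to is straightforward to audit for on an endpoint. The following is an added example, not code from Microsoft or V3: it parses a constructed Windows-style hosts file and flags any entry that statically maps a domain from a defender-supplied vendor watch-list (WATCHED_DOMAINS and SAMPLE_HOSTS are both constructed assumptions).

```python
# Added example: flag hosts entries that black-hole or redirect security-vendor
# domains. WATCHED_DOMAINS and SAMPLE_HOSTS below are constructed, not real data.
import ipaddress
import re

# Constructed watch-list; a defender would fill this with their own vendors.
WATCHED_DOMAINS = {"microsoft.com", "windowsupdate.com", "symantec.com",
                   "kaspersky.com", "avast.com"}
COMMENT_RE = re.compile(r"#.*$")

def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        parts = COMMENT_RE.sub("", raw).split()
        if len(parts) >= 2:
            entries.extend((parts[0], h.lower()) for h in parts[1:])
    return entries

def is_watched(host):
    # True if host is a watched domain or a subdomain of one.
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def suspicious_entries(text):
    """Flag every watched domain with a static hosts mapping: any such
    entry bypasses DNS, whether it black-holes or redirects the site."""
    flagged = []
    for ip, host in parse_hosts(text):
        if not is_watched(host):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, host, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            flagged.append((ip, host, "black-holed to local address"))
        else:
            flagged.append((ip, host, f"redirected to {addr}"))
    return flagged

SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.symantec.com        # black-holes vendor site
0.0.0.0         update.kaspersky.com
198.51.100.23   download.microsoft.com  # redirect to TEST-NET address
10.0.0.5        intranet.example        # not watched, not flagged
"""

if __name__ == "__main__":
    for ip, host, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{host:26s} -> {ip:15s} {reason}")
```

On a real machine the input would be read from %SystemRoot%\System32\drivers\etc\hosts; the loopback `localhost` line is left alone because it is not on the watch-list.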

He added that the bogus threat page includes a scam alert masquerading as a message from an antivirus vendor requesting the victim pay to have their system cleaned.

"An unsuspecting user, after receiving this warning more than a few times when browsing, might be inclined to click ‘Pay Now’. This will lead them to a payment portal called ‘Payeer’ that will display payment information," read the post. "But of course, even if the user pays, the system will not be cleaned."

Service disruption and lockouts are an increasingly common tactic in cyber criminals' scams. Ransomware takes a similar but more damaging approach to extort payment from its victims by locking infected systems to a custom lock screen.

Many of the lock screens include a bogus message masquerading as a 'fine' payment message from a legitimate law-enforcement agency.

The attacks have proven worryingly successful in recent months. Damballa revealed earlier in August that the infamous Kovter police ransomware is infecting nearly 44,000 devices per day, earning criminals as much as $1,000 per successful attack.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

