MSE Rogue Makes the Headlines, Again

Article by George Norman (Cybersecurity Editor)

on 26 Oct 2010

Rogue security software applications are nasty pieces of work. They trick you into thinking they are genuine security software solutions that will keep your system safe from harm. Then they trick you into thinking your computer has been infected, or is under attack, or something along those lines. And then they ask for money to remove the phony security issue they supposedly uncovered.

Back in September we reported that Sophos, a company that specializes in antivirus, anti-spam, spyware removal software, network and internet security, data protection, and computer security solutions, uncovered a Trojan that impersonates Microsoft Security Essentials (MSE), the free security software solution offered by Microsoft that recently celebrated its 1st anniversary.

The Trojan, classified by Sophos as Troj/FakeAV-BTN, displays a Microsoft Security Essentials alert that says a dangerous file identified as Unknown Win32/Trojan has been uncovered (image 1 at the bottom). Then it asks the user to click the “Scan Online” button to remove the threat (image 2). Then the Trojan displays fake scan results for 32 different antivirus products (image 3). Last but not least, the Trojan invites the user to pick one of 5 security software solutions that can supposedly remove the threat. All 5 of those applications are rogues.

The MSE-impersonating threat is once again making the headlines thanks to Eric Foster, Group Communications Manager with Microsoft, who issued a warning that fake MSE software is on the loose. Imposters that claim to be MSE are classified by Microsoft as Win32/FakePAV.

“FakePAV is a rogue that displays messages that imitate Microsoft Security Essentials threat reports in order to entice the user into downloading and paying for a rogue security scanner,” said Foster. “The rogue persistently terminates numerous processes such as Windows Registry Editor, Internet Explorer, Windows Restore and other utilities and applications. This software is a fake. Do not be fooled by this scam. This malware can potentially cause consumers and small business owners harm.”

Foster went on to say that MSE is free for home and business users. Applications that look like MSE but ask for money are definitely not the real deal. Make sure you get MSE from trusted locations, like www.microsoft.com/security_essentials/

Image 1


Image 2


Image 3



UPDATE: F-Secure announced they detect this threat as Trojan.Generic.KDV.47643.

