Not only was the application scamming users out of money, but it also deployed another program called “TrojanSpy:Win32/Chadem” in an attempt to steal FTP usernames and passwords. If successful, the compromised systems were being used to host malware. According to a Microsoft blog post, the people behind this program use and register new domain names every day such as scanfan4.info and star4scan.info.
Fake malware warnings have become a common method of luring innocent users into buying illegitimate software. It’s nice to see Microsoft taking a step toward preventing the attacks, but it’s obviously an endless game of cat and mouse. I would like to offer a heads up to our less experienced readers: learn the name of and how to use your actual antimalware software and only follow its warnings. Don’t fall prey to these fallacious messages.