This week Microsoft's Malicious Software Removal Tool received an update to detect a fake antivirus program known as "Win32/InternetAntivirus." By alerting unsuspecting users to false claims of detected malware, they were frightened into buying "security software." Win32/InternetAntivirus seemed legitimate to inexperienced users because it mimics the look of Windows Security Center.
Not only was the application scamming users out of money, but it also deployed another program called "TrojanSpy:Win32/Chadem" in an attempt to steal FTP usernames and passwords. If successful, the compromised systems were being used to host malware. According to a Microsoft blog post, the people behind this program use and register new domain names every day such as scanfan4.info and star4scan.info.
Fake malware warnings have become a common method of luring innocent users into buying illegitimate software. It's nice to see Microsoft taking a step toward preventing the attacks, but it's obviously an endless game of cat and mouse. I would like to offer a heads up to our less experienced readers: learn the name of and how to use your actual antimalware software and only follow its warnings. Don't fall prey to these fallacious messages.