
The Stubborn Rogue

Loredana BOTEZATU

April 26, 2010


Trojan.Fakealert.CAW is the latest of its kind. At 1,164 KB, the package is extremely large for an average piece of malware, but it surely does not want to go unnoticed. After deployment, this rogue AV utility creates its own folder in “%systemdrive%\Documents and Settings\All Users\Application Data” and names it with an 8-digit random string. In this folder, Trojan.Fakealert.CAW creates a copy of itself under the same random name, as well as a batch file that runs the newly created copy with the “install” parameter. Afterwards, both the original file and the batch file are deleted.

Upon successfully infecting the system, the malware starts popping up alerts informing the user about the installation of “Security Tool”, creates shortcuts on the desktop, in the Start menu and in the system tray, and sets itself to start automatically by creating a new entry under the registry key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” with its file path as the value.
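A triage check for the persistence pattern described above, written as an added example (not BitDefender's code): it scans `reg query`-style output of the Run key for a value whose path is an 8-digit folder holding a file of the same 8-digit name. The `.exe` extension, the `ProgramData` alternative (the same folder on newer Windows versions) and every sample value are assumptions constructed for illustration.

```python
import re

# One value line of `reg query` output: 4-space indent, name, type, data.
VALUE_LINE = re.compile(r'^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$')

# Pattern from the article: <All Users>\Application Data\<8 digits>\<same 8 digits>
# Assumptions: the copy ends in .exe (the article does not say), and ProgramData
# is included because it is the same common-appdata folder on Vista and later.
SUSPECT = re.compile(
    r'\\(?:Documents and Settings\\All Users\\Application Data|ProgramData)'
    r'\\(\d{8})\\\1\.exe\b',
    re.IGNORECASE,
)

# Constructed sample output; none of these values come from a real infection.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre6\bin\jusched.exe"
    48213907    REG_SZ    C:\Documents and Settings\All Users\Application Data\48213907\48213907.exe
    Updater    REG_SZ    C:\Documents and Settings\All Users\Application Data\12345678\helper.exe
"""


def find_suspect_run_entries(reg_query_output):
    """Return (value name, command, random id) for Run entries matching the pattern."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        # Only string values can hold an autostart command line.
        if not m or m.group("type") not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        data = m.group("data").strip().strip('"')
        hit = SUSPECT.search(data)
        if hit:
            hits.append((m.group("name"), data, hit.group(1)))
    return hits


if __name__ == "__main__":
    for name, command, rand_id in find_suspect_run_entries(SAMPLE):
        print(f"suspect Run value {name!r}: {command} (folder/file id {rand_id})")
```

A match is a lead for manual review, not a verdict: the folder and file named in the value still need to be inspected.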

Installing trojan


It then starts doing its magic: the user is informed that the computer is infected with various types of malware and that he/she needs to purchase the full version of Security Tool to start the cleanup process. To make things look worse, different warning messages are displayed.

Main Screen Rogue AV


After a thorough scan, the (rogue) antivirus Security Tool asks the user to restart, which only continues the damage spree: desktop items are hidden and almost all applications the user tries to access are closed. On top of that, if the user opens an internet browser, firewall alerts pop up as well.

Fake Firewall alert

The charade goes on: a screensaver displays a false “blue screen” that forces a shutdown, all for the purpose of scaring the user into buying the rogue AV.

Alert Kill

Aside from the Rogue AV component, Trojan.Fakealert.CAW has a spyware feature, which attempts to send information about the infected machine to a remote server.

Information in this article is available courtesy of BitDefender virus researcher George Cabău.
