Windows 8 Users Lured with Fake Dedicated Security Tool

Loredana BOTEZATU

September 14, 2012

Users of the soon-to-be-launched Windows 8 are being lured by a rogue Win 8 Security System, adding further headaches after the mess with the vulnerable Flash Player version in IE 10.

Windows 8 is not yet officially launched. But those trying it out via a “Release to Manufacturing” version of Windows 8 or the 90-day trial version of Windows 8 Enterprise are already exposed to several security hazards.

Crooks jumped at the chance for a good lure and advertised a security tool for the soon-to-be-released OS. This software, which allegedly solves all security issues on systems using Windows 8, is in fact a sample of the most widespread kind of malicious code targeting users online: a fake AV.

At the time of writing this text, the hosting domain of this fake AV was still active, which means users remain vulnerable to this scam.

While rogue AV products usually sell for small sums of money, Win 8 Security System asks for a bold $99.90, a fee that is probably meant to give an impression of responsibility and commitment.

Meanwhile, under the hood, this fake AV installs a rootkit driver signed with a self-signed certificate (for either 32-bit or 64-bit systems) in the Windows driver folder under a random name (consisting of randomly generated characters). The driver monitors and manipulates the OS and, if necessary, repairs the fake AV or hinders any legitimate security suite that might remove the bogus one.

It then starts to display the typical symptoms of a rogue antivirus infection, namely bombarding the user with bogus messages saying the system is not properly protected. If the victim tries to open the Action Center from the Control Panel, the malware automatically launches a fake one instead, with flashy fake warnings that are not hard-coded into the application but are HTML files downloaded from the web.

Win 8 Security System also hijacks the browser (as far as we’ve seen, it manages to subvert Internet Explorer and Google Chrome) and displays fake security warnings when the user browses the web or opens applications. It crashes the application in use and displays an error claiming that a virus has just attacked the system.

The fake Win 8 Security System creates a shortcut called Buy Win 8 Security System.lnk on the Desktop and in “%start menu%\Programs\Win 8 Security System”, which leads the victim either to the online buy page or to the Windows command-line registry editor.

And this fake AV is lurking around just as the security community gives users numerous warnings about Microsoft's notorious decision to embed a vulnerable version of Flash Player in W8’s IE 10 instead of going with the safer autonomous third-party plug-in.

Unlike in Windows 7 and earlier versions, Windows 8 users cannot automatically update the version of Flash in their browser. For that they need to go to the Adobe support page, look for the updates and manually install them.
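The two file-system artifacts described above (a driver signed with a self-signed certificate, and the purchase shortcut) can be checked with a short triage script. This is an added example, not Bitdefender's code: the function names are hypothetical, `%SystemRoot%\System32\drivers` is assumed to be the "Windows driver folder", and the all-users Desktop and Start Menu locations are checked as an extra assumption.

```powershell
# Added triage example. Function names are hypothetical; the driver directory and
# the all-users folders are assumptions, the shortcut and folder names are from the article.

function Get-SelfSignedDriver {
    param([string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers'))

    Get-ChildItem -LiteralPath $DriverDir -Filter '*.sys' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            # Self-signed signer: the signing certificate names itself as its issuer.
            if ($cert -and $cert.Subject -eq $cert.Issuer) {
                [pscustomobject]@{
                    Path       = $_.FullName
                    Status     = $sig.Status
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    CreatedUtc = $_.CreationTimeUtc
                }
            }
        }
}

function Find-FakeAvShortcut {
    $name   = 'Buy Win 8 Security System.lnk'
    $folder = 'Win 8 Security System'

    # Desktop locations (current user and all users).
    $dirs = @(foreach ($sf in 'Desktop', 'CommonDesktopDirectory') {
        [Environment]::GetFolderPath($sf)
    })
    # Start Menu\Programs\<folder> (current user and all users).
    $dirs += @(foreach ($sf in 'Programs', 'CommonPrograms') {
        $base = [Environment]::GetFolderPath($sf)
        if ($base) { Join-Path $base $folder }
    })

    $dirs | Where-Object { $_ } |
        ForEach-Object { Join-Path $_ $name } |
        Where-Object { Test-Path -LiteralPath $_ }
}

Get-SelfSignedDriver | Format-Table -AutoSize
Find-FakeAvShortcut
```

Because the driver is described as monitoring and manipulating the OS, an empty result on a running system is not proof of a clean machine; the same checks are more reliable against the disk mounted offline.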

This article is based on the technical information provided courtesy of Doina Cosovan, Bitdefender Virus Analyst.
