The fake antivirus phenomenon has taken an unpleasant turn with the discovery of a Windows program that not only cons users into buying an unnecessary license but appears to lock files and applications on the victim’s PC.
According to security company Panda Security, rogueware program Total Security 2009 starts out in conventional fashion with the ‘discovery’ of a non-existent malware infection for which it demands an unusually ambitious $79.95 (£50), and even has the cheek to ask a further $19.95 for ‘premium’ technical support.
Users deciding against purchasing the license find that all files and applications on their PC have been designated as ‘infected’ and made inaccessible until the user follows on-screen instructions to buy a license using the only working application, Internet Explorer.
The program itself is remarkably developed, as has become a new trend for bogus antivirus in recent months, and mimics the design and configuration options found on many legitimate programs, including setting up ‘updates’, privacy settings and scanning schedules. It is even possible to change the default language from English to German or Spanish.
The bogus program would get on to a user’s PC in the first place after they had either clicked on a link in a spam email, or by visiting an infected distribution website, or even by visiting the program’s convincing-looking product homepage. Once registered, Total security 2009 remains on the system.
The program has been circulating for some weeks and infection rates are believed to be small. But the technique of combining fake antivirus prompts with a form of ransom-cum-hijacking will probably become a new front in the fake antivirus industry’s campaign to make people buy more completely useless programs.