2008 continues to live up to the title “The Year of Rogueware”. So far this year, bots, worms and viruses all seem to live in the shadow of this type of activity. Users are actually trying to run this constantly changing stuff on their systems, and AV scanners are missing it altogether during its effective window in the wild (ITW). Rogueware themes are changing, the binaries change, and the websites change somewhat according to thematic content. You can see a lack of scanner detection here.
Accelerating numbers of “AntiVirus2008” software installs are popping up, created by our familiar developer friends in the Ukraine (yes, that is sarcasm), which can be found at “hxxp://www.antivirus-scanner.com”. We’re seeing installs from a file named “antvrsinstall.exe”, which drops “antvrs.exe”. Here’s another fraudulent screenful from its distributors. No dangerous files or viruses have been detected on the system, despite what they state, because the web site isn’t really scanning my system.
Quarantine it if you see a popup from ThreatFire warning you of “PuA.Rogueware”.