Fakealert Variant

Another Fakealert variant is effecting our user base.

Passing itself off as the usual “mediatubecodec_ver1.1277.0.exe” (do not run this file — it really does not deliver useful codec components for playing videos), this downloader connects back to hxxp://xpantivirussecurity.com, and drops files like “1.exe” that deliver scary popups to alarm our users with false malware detections in an effort to coerce them into paying for a product that they don’t need. Unfortunately, detection has been spotty, with some heuristics performing effectively.

This entry was posted in Online Fraud. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>