Rogue Antivirus Scareware Exploits Microsoft's MSE

A rogue version of Microsoft's free antimalware product, Microsoft Security Essentials, is making its way around the Internet by scaring users into buying a bogus security product.

Initially the rogue program portrays itself as Microsoft's legitimate free antimalware offering, MSE, which the company unveiled as a free consumer product at the end of 2008.

However, researchers at F-Secure, who first detected the rogue antivirus program, said that the alleged MSE program is actually scareware distributed via drive-by download attacks and completely unaffiliated with the Microsoft brand.

Scareware is a type of malware that tricks users into purchasing a fake security software program by claiming, often falsely, that their computer is infected with viruses, Trojans or other threats. The malware often promotes a bogus product as a way to eliminate the threat.

"It fools the user into downloading the program by saying it's able to clean the mysterious virus off of your machine, which of course, isn't there," said Mikko Hypponen, chief research officer at Finnish security company F-Secure.

Next: Rogue Scareware Exploits Microsoft Brand

Hyponnen said that what differentiates this scareware is that unlike others, it blatantly impersonates major brands, such as Microsoft's MSE, as well as numerous others.

"Typically they don't directly steal brands. This one steals them by the dozen," he said.

Once downloaded, the fake MSE appears to be unable to eliminate the threat. The rogue program then displays a medley of logos for more than 30 antivirus products, claiming to offer the victim a more robust tool that would be capable of cleaning the alleged viruses off of the user's computer. The malware then offers up a slew of unknown fake antivirus software products it claims are capable of handling the infection. Names of the fake antivirus software include AntiSpySafeguard, Major Defense Kit, Peak Protection, Pest Detector and Red Cross.

"Never hear of these? No wonder. They are all fake products. 'Microsoft Security Essentials' will try to scare you into purchasing a product you don't need. Don't fall for it," Hypponen said. "In reality, this is all fake."

Hypponen said that F-Secure has already started to see a rise of infections related to the scareware attack, which has been circulating on the Internet for about two or three weeks.

Next: Microsoft Has Interest In Protecting Its Brand

The bogus antivirus program doesn't install more malicious code on a user's system but instead launches a phishing attack by compelling users to buy bogus software. The fact that victims still have the option of purchasing the software is sometimes a loophole that scammers can use to legally cover their tracks, he said.

However, this particular scareware attack will likely be addressed and shut down quickly, due to the fact that Microsoft has a vested interest in protecting its reputation, he said.

"I'm sure they'll do their best with this case. They have to protect their brand. It could be seen if that you're not protecting your brand, you're losing it."