File Determined to Contain Troj/FakeVir-BF

TOKYO (MacHouse) – A few days ago, we discovered that a criminal group had started a new campaign to push a rogue anti-virus product called Antivirus 2008 through a fake online anti-virus scan website. Thanks to Sophos, we have determined that the file you are pushed to download after being involuntarily redirected to antivirus-scanonline.com contains a Trojan that Sophos detects as Troj/FakeVir-BF.

What is Troj/FakeVir-BF? Darren Leong of Sophos writes:

The virus lab has detected it as Troj/FakeVir-BF.

Troj/FakeVir-BF claims to be an anti-virus scanner called "Antivirus 2008". Troj/FakeVir-BF scans the computer and reports clean files as being infected with malware.

When first run Troj/FakeVir-BF copies itself to \Antivirus2008\Antvrs.exe and creates the following files:

\Start Menu\Antivirus2008\Antivirus 2008.lnk – can be safely deleted
\Start Menu\Antivirus2008\Uninstall Antivirus.lnk – can be safely deleted

The following registry entry is created to run Antvrs.exe on startup:

Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value name: Antivirus
Value data: \Antivirus2008\Antvrs.exe

Registry entries are created under:

HKCU\Software\Antivirus
HKLM\SOFTWARE\Antivirus

More information on Troj/FakeVir-BF is available in the Sophos threat analysis for this detection name.
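The Sophos write-up above gives four concrete indicators: the dropped executable, two Start Menu shortcuts, a Run-key value and two configuration keys. The following PowerShell script is an added example (ours, not Sophos's or MacHouse's code) that checks a Windows host for exactly those artifacts and, only when asked, removes them. It assumes, since the write-up gives bare paths, that "\Antivirus2008\" sits under %ProgramFiles% or the root of the system drive, and that "\Start Menu\Antivirus2008\" is the per-user or all-users Start Menu folder; those locations are guesses, not part of the original analysis.

```powershell
# Added example: report (and optionally remove) the Troj/FakeVir-BF artifacts
# listed in the Sophos description. Run from an elevated PowerShell prompt.
# Assumed locations (not stated in the write-up): %ProgramFiles%\Antivirus2008,
# <SystemDrive>\Antivirus2008, and the per-user / all-users Start Menu folders.
# Nothing is changed on the system unless -Remove is supplied.
param([switch]$Remove)

$findings = @()

# 1. Run-key persistence: value "Antivirus" under HKCU ...\Run pointing at Antvrs.exe
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runVal = Get-ItemProperty -Path $runKey -Name 'Antivirus' -ErrorAction SilentlyContinue
if ($runVal -and $runVal.Antivirus -match 'Antvrs\.exe') {
    $findings += "Run value: $runKey\Antivirus = $($runVal.Antivirus)"
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name 'Antivirus' }
}

# 2. Configuration keys the Trojan creates
foreach ($key in 'HKCU:\Software\Antivirus', 'HKLM:\SOFTWARE\Antivirus') {
    if (Test-Path -Path $key) {
        $findings += "Registry key present: $key"
        if ($Remove) { Remove-Item -Path $key -Recurse -Force }
    }
}

# 3. Dropped executable and Start Menu shortcuts (assumed parent folders)
$userMenu   = [Environment]::GetFolderPath('StartMenu')
$commonMenu = [Environment]::GetFolderPath('CommonStartMenu')
$candidates = @(
    (Join-Path $env:ProgramFiles 'Antivirus2008\Antvrs.exe'),
    (Join-Path $env:SystemDrive  'Antivirus2008\Antvrs.exe'),
    (Join-Path $userMenu   'Antivirus2008\Antivirus 2008.lnk'),
    (Join-Path $userMenu   'Antivirus2008\Uninstall Antivirus.lnk'),
    (Join-Path $commonMenu 'Antivirus2008\Antivirus 2008.lnk'),
    (Join-Path $commonMenu 'Antivirus2008\Uninstall Antivirus.lnk')
)
foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $line = "File present: $path"
    if ($path -like '*.exe') {
        # Record the hash so the sample can be reported to a vendor before deletion
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
        if ($hash) { $line += " (SHA256 $($hash.Hash))" }
    }
    $findings += $line
    if ($Remove) {
        # The executable must not be running, or the delete fails
        Get-Process -Name 'Antvrs' -ErrorAction SilentlyContinue | Stop-Process -Force
        Remove-Item -LiteralPath $path -Force
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Troj/FakeVir-BF artifacts found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it once without arguments to see what it finds, and with -Remove to clean up. Treat a clean result as evidence, not proof: rogue anti-virus families are repackaged under new names frequently, so a scan with an up-to-date engine should follow any manual check like this one.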

This Trojan is quite new. The domain antivirus-scanonline.com itself is new: it was registered on May 7, 2008. We discovered the website only a few days ago and, to our knowledge, were the first to report it. Sophos added detection for this Trojan on May 24, 2008, about two hours after we sent them a file sample.

References:

What Do We Know About These Fake Anti-Virus Scan Websites?
Lehigh University’s Multiple Department Websites Exploited for Redirection to ANTIVIRUS-SCANONLINE.COM
ANTIVIRUS-SCANONLINE.COM: 15 Websites Victimized in the Latest ‘?prj’ Exploitation Scheme
Warning: A New Fake Anti-Virus Scan Website Discovered

This entry was posted in Internet security.