In a recent blog post on 18th November, we talked about the significant threat that AV rogues have posed for our users this year. Besides the prevalent rogues covered by the MSRT, the following is a longer list of AV rogues detected by Microsoft AV products such as Microsoft Security Essentials and Forefront Client Security.

FakeXPA

FakePowav

MalwareBurn

UnSpyPc

DriveCleaner

DocrorTrojan

Winfixer

FakeScanti

Cleanator

MalwareCrush

PrivacyChampion

SystemLiveProtect

Yektel

FakeSmoke

Spyguarder

AntivirusGold

SystemGuard2009

WorldAntiSpy

SpywareSecure

IEDefender

MalWarrior

Malwareprotector

SpywareSoftStop

AntiSpyZone

Antivirus2008

PrivacyCenter

SpyLocked

Trojanguarder

MyBetterPC

NeoSpace

Winwebsec

FakeRemoc

SpywareStormer

SecurityiGuard

DoctorCleaner

UniGray

FakeSecSen

VirusRemover

Privacywarrior

PrivacyProtector

SpyBlast

FakeFreeAV

FakeRean

Antivirus2009

AntiSpywareDeluxe

Searchanddestroy

AlfaCleaner

WebSpyShield

InternetAntivirus

Antivirusxp

ErrorGuard

SpyCrush

Fakeav

Spyaway

WinSpywareProtect

Fakerednefed

Antispyware2008

EZCatch

EvidenceEraser

Vaccine2008

FakeSpypro

FakeCog

AntiVirGear

VaccineProgram

TrustCleaner

SearchSpy

AntiSpywareExpert

VirusRanger

SpyDawn

UltimateFixer

WinHound

Spyshield

SpySheriff

Antispycheck

SpywareIsolator

SpyFalcon

PrivacyRedeemer

VirusConst

FakeVimes

PCSave

PSGuard

SpywareStrike

Nothingvirus

AVClean

FakeIA

AntispyStorm

Antivirustrojan

XDef

AntiSpywareSoldier

AdsAlert

AdvancedCleaner

FakePccleaner

SpywareQuake

WareOut

Kazaap

SystemDefender

FakeSpyguard

SpyHeal

VirusBurst

VirusRescue

TitanShield

Easyspywarecleaner

Fakeinit

AntiVirusPro

CodeClean

Spybouncer

MalwareWar

VirusHeat

SpyAxe

Awola

MyNetProtector

FakeWSC

DoctorAntivirus

UltimateDefender

You may recognize some of the relatively recent rogues from this list, such as FakeXPA, FakeSecSen and FakeRean. Others, such as Winfixer and SpySheriff, have origins that go back more than four years. On page 100 of our Security Intelligence Report volume 7, we observed that rogues remained a significant threat even though they trended down to 13.4 million infected computers in 1H09 from 16.8 million in 2H08. (Internet Explorer 8 SmartScreen Filter, a browser-based security feature, contributed to part of the decline.)

As we have done in the past, we again encourage our readers to run a complete, up-to-date AV product such as Microsoft Security Essentials to protect their computers from these rogues, especially if located in English-speaking countries, the regions where these rogues appear most active (as highlighted in the SIR). MSRT is a baseline tool we provide for the ecosystem to remove prevalent threats such as high-profile rogues. With Security Essentials, on the other hand, you get the benefit of the complete AV signature set from the MMPC, and you get the essential protection features an AV solution needs: real-time, kernel-mode detection, scheduled scans, complex cleaning functionality to address emergent threats, etc.

Still, awareness of the threat is also important. Take a look at some of the write-ups of these threats, get familiar with some of the enticing rogue skins used (like that displayed in the Win32/InternetAntivirus screenshot below) and tell your friends and family to be alert to the tricks used to socially engineer victims into opening their wallets for these 'useless at best' rogue AVs.

Scott Wu - MMPC