I’m sure lately most of you heard about the Win32/FakeSecSen; it’s a nasty program that claims to scan for malware and display fake warnings of Malicious Programs, Viruses and Trojans. After the so said scan that didn’t actually take place; it uses the concept of FUD (Fear, Uncertainty and Doubt) to victimize the user for paying in order to clean the infection of non-existing threats!

The different forms of Win32/FaceSecSen programs are: Micro AV 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus and Ultra Antivirus 2009 among others. (Note: Get familiarized with these names)

Win32/FakeSecSen installs six different files. So for example if you use the ‘Micro AV’ program, the FakeSecSen installs these files:

1. Microav.exe: the actual executable file, which consists of the interface, an icon in the system tray and the infection pop-up warnings;
2. Microav.cpl: is the control panel applet; which adds an entry to the control panel and if you run it; it will launch the actual executable file (i.e. microav.exe) (Note: it looks exactly like the Microsoft Security Center Icon)
3. Microav0.dat and Microav1.dat: are the files that contain the malware information to report to the user, (Note: bare in mind that there is no actual scanning happening, as all the entries that are reported are fetched from these DAT files.)
4. Microav.ooo: a harmless file; and 
5. Microantivirus.lnk: is the fancy desktop shortcut pointing to the actual executable file.

Users can notice these files under their programs files directory and there are some registry entries added to start the program at system start.

Pass on the word: Always use a real anti-malware program and to check if it’s legitimate visit Virus-Bulletin or AV-Test.

Check out the AV-Test release latest results. Interesting stats.

be safe online..

Fatma

For the first time ever the (ISC)2 are getting their expertise to Dubai at SecureDubai on the 4 Dec 2008. This one day conference will be themed around Emerging Threats.

It will start with a keynote from Lance Spitzner the CEO, HoneyTech and then will handle topics such as SCADA security incidents, available standards and SCADA security best practices. An insight will be given into the risks and vulnerabilities of IP-enabled ATM’s as well as their supportive infrastructure with a focus on security best practices, configuration and operation of ATM architecture. Sessions will engage in emerging threats in the UAE, their impact on businesses and the users, Web 2.0 security, Botnets and their effect on our Web activity and the best ways of protecting ourselves against this phenomenon.

Date:      4 December 2008

Venue:   Etisalat Academy, P.O.Box 99100, Dubai, United Arab Emirates

Time:      9:00am – 6:00 pm

P.S: This conference is complimentary for all (ISC)2 members. A 10% discount is also offered for ISSA/ISACA/ALIG members and an additional 10% discount is offered to RSA Attendees. For more information, please contact trustem(at)isc2.org.

Register now as the seats are limited!

See you there.

Fatma Bazargan