AV Security Suite

AV Security Suite is a piece of scareware and malware, or more specifically a piece of rogue security software, which poses as a pre-installed virus scanner on a victim's computer system. It is currently known to affect only Microsoft Windows systems, though it may simply operate under a different name on other platforms to better fit in with their user interfaces, as its disguise is a key component of its success. In the Task Manager it appears as a string of random characters that ends with "tssd.exe" – an example is yvyvsggtssd.exe. It can also appear as a random string of characters that ends with "shdw.exe".

Methods

After being installed on a target system, AV Security Suite sends out simulated virus alerts using pop-up windows that open from the rightmost section of the task bar. These notifications appear the same as those used by Windows itself, so they can look genuine to a user not familiar with Windows' own style of reporting viruses (Windows Defender). AV Security Suite will show results of a fictitious virus scan,[1] this time using its own name, informing the user that their system is infected by viruses. Using a variety of different messages, some imitating Windows and some under the software's real name, it instructs the user to upgrade to the full version of AV Security Suite to remove the viruses. It then fakes the presence of unspecified viruses by performing actions such as preventing the opening of any programs (including Windows Task Manager)[2] and blocking internet connections. In essence, it renders a system almost useless. Since it is disguised as an anti-virus program, it is not flagged as a virus by any accessible anti-virus or anti-spyware program.

Infection

AV Security Suite can infect computers using Adobe Flash or other Adobe components found in regular websites, and so does not require voluntary download of software by the user. It has also been known to attack using Java software. There are currently no effective tools available to remove it, though some tools claim to be able to do so and are of questionable authenticity. Very few virus scanners are capable of detecting and removing the program. Norton and AVG Free Edition have been reported not to detect it. The paid edition of Malwarebytes' Anti-Malware has detected and removed it while the system was in safe mode; however, a few months later the messages and program had come up again. While an operating system is infected, the malware will notify the user of infected system files and change the proxy server settings of the user's web browser so that the user is under the false impression of no longer having Internet access. In addition, two websites that were not created by the company will spontaneously pop up on the user's computer. One of these websites is for the erectile dysfunction drug Viagra, and the other is a pornographic website. Users are advised to dispose of the AV Security Suite virus immediately after their computer becomes infected, as the virus is possibly dangerous for younger users.
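As an added example (not part of the original article), the two indicators described above, a process name ending in "tssd.exe" or "shdw.exe" and changed proxy settings, can be checked against saved `tasklist /fo csv /nh` and `reg query` output. The sample data is constructed, the function names are hypothetical, and reading the proxy values from the per-user Internet Settings key assumes the browser uses the Windows system proxy.

```python
import csv
import io
import re

# Name pattern from the article: random characters ending in "tssd.exe" or
# "shdw.exe". The letters-only stem is an assumption drawn from the
# article's one example, yvyvsggtssd.exe.
SUSPECT_NAME = re.compile(r"^[a-z]+(tssd|shdw)\.exe$", re.IGNORECASE)

def suspect_processes(tasklist_csv):
    """Return (image name, PID) pairs from `tasklist /fo csv /nh` output."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 2 and SUSPECT_NAME.match(row[0].strip()):
            hits.append((row[0].strip(), int(row[1])))
    return hits

def proxy_state(reg_query_output):
    """Read ProxyEnable / ProxyServer from `reg query` text output."""
    state = {"enabled": False, "server": None}
    for line in reg_query_output.splitlines():
        parts = line.split(None, 2)  # value name, type, data
        if len(parts) == 3 and parts[0] == "ProxyEnable":
            state["enabled"] = int(parts[2], 16) != 0
        elif len(parts) == 3 and parts[0] == "ProxyServer":
            state["server"] = parts[2].strip()
    return state

def triage(tasklist_csv, reg_query_output):
    """Combine both indicators; 'review' means both are present."""
    procs = suspect_processes(tasklist_csv)
    proxy = proxy_state(reg_query_output)
    return {"processes": procs, "proxy": proxy,
            "review": bool(procs) and proxy["enabled"]}

# Constructed sample input (not captured from a real infection).
SAMPLE_TASKLIST = '''"svchost.exe","812","Services","0","9,120 K"
"yvyvsggtssd.exe","3148","Console","1","14,332 K"
"explorer.exe","2040","Console","1","41,008 K"
"qkhbmshdw.exe","3320","Console","1","11,764 K"
'''
SAMPLE_REG = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    192.0.2.10:8080
'''

if __name__ == "__main__":
    print(triage(SAMPLE_TASKLIST, SAMPLE_REG))
```

An enabled proxy is normal on many managed networks, so the `review` flag is only raised when a matching process name is present as well.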

Developers

An analysis of the virus' graphical user interface, actions (dropping malware which attempts to send users to the same exact adult websites), and method of infection reveals it is likely that this piece of malware was developed by, or at least inspired by, the same group which developed the fraudulent Antivirus System PRO, Antispyware Soft, Antivirus Center, and Antivirus Live, along with a number of other rogue antivirus applications. The claim on AV Security Suite's website, however, states that the developers of the program are based in London.

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.