Researchers from GFI Software the security company state that fake anti-virus software, which is part of the FakeScanti group of malicious programs are presently growing, while aiming at harming unwitting people. Help Net Security reported this in news on November 29, 2011.
A particular variant of the FakeScanti malware called "AV Protection 2011" was recently identified and as per the GFI security researchers there's a fascinating feature about it. The malware characteristically, like PC worms and backdoors, alters HOSTS file of an infected system when run on it. Moreover, 'AV Protection 2011' takes end-users onto a harmful Internet Protocol based at Germany where one more FakeScanti variant called "AV Secure 2012" is harbored. The diversion of end-users by 'AV Protection 2011' happens when the same end-users browse the popular websites facebook.com, yahoo.com, bing.com, or google.com.
Furthermore, the GFI researchers also reveal that Web surfers can be infected with the 'AV Protection 2011' once they're taken onto SEO poisoned websites alternatively sites associated with web-links in spam mails. Visiting these websites, the surfers download the attack toolkit namely BlackHole, which contains the rogue anti-virus packaged into it.
...
