Virus Characteristics
Overview -
-- Update July 24, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.theregister.co.uk/2009/07/23/eclipse_scareware_scam/
--
This is a detection for HTML files that contains code for performing fake online malware scan.
The following are some websites that host this Trojan:
- spyware-scannerv3.com
- thesecureyourpc.com
Once user connects to any of the above websites, it displays fake malware infection alert.
Then it performs fake malware scanning and shows report of infection.
This fake alerts will then lead to download a Rogue Antivirus Software "Personal Antivirus" and saves it as %USERPROFILE%\local settings\temp\setup-{random}.exe.
The downloaded file is detected as FakeAlert-DI.