Antivirus2010 – Multiple “Avatars” in a Single .exe

The latest malware threats from across the security forums

Moderators: Admin Team, Moderators

User avatar
Spudz
Posts: 1856
Joined: Mon Jul 20, 2009 4:35 am
Area Of Expertise: General guidance and advice
experience: Not only can I turn PC on, I know most of its functions too
PC time: Alot more than I should
Location: Kent, UK
Contact:

Antivirus2010 – Multiple “Avatars” in a Single .exe

Postby Spudz » Thu Apr 08, 2010 2:14 am

Antivirus2010 – Multiple “Avatars” in a Single .exe
Sujit Magar
April 7th, 2010

Antivirus XP 2010, a clone of the Antivirus2010 family, is amongst today’s most prevalent rogue security software. Fake security software scammers continue to release new clones in frequent attempts to evade antivirus scanner detections. New clones share the same user interface and look and feel of the original application, but the application name changes.

Analysis of Antivirus2010 reveals that it is using a single binary file for multiple clones. Every time such a binary is executed, a different name is displayed as an application title. For example, when it is executed for the first time it displays itself as XP Antispyware 2010; however, when executed again it may display itself as XP Guardian 2010.

The following is a list of the names that it may use in any particular instance:

• XP Antispyware 2010
• Antivirus XP 2010
• XP Guardian 2010
• XP Guardian
• XP Defender 2010
• XP Antivirus
• XP Antivirus 2010
• XP Antivirus Pro
• XP Antivirus Pro 2010
• XP Internet Security
• XP Internet Security 2010

Here is a screen shot of the binary executed, showing the application name as Antivirus XP 2010:


Continues at Symantec Security Response
Spam - Uninteresting garbage quickly deleted.
Spammer - A parasitic worm intent on creating internet misery.

Image

Return to “Latest Malware Threats”

Who is online

Users browsing this forum: No registered users and 2 guests