Usually, when a user gets infected by a fake antivirus program, he has to download the said program’s installer file to his computer and then execute it. It is the common way for the rogues to start terrorizing you, but just recently a new type of rogue campaign has been detecting. It is rather alarming, considering the implications of this new method of distribution.
Just like most of the rogues this new one is associated with fake porn sites and fake video codecs. When a user encounters that kind of site he is urged to download a fake video codec otherwise he would not be able to watch the video. To make matters less suspicious this rogue uses template background images of such well-known antivirus programs as Norton, Avira and Kaspersky, so when it performs a fake system scan, these templates make it seem like the scan is performed by legitimate applications online.
“Online” is the keyword in this situation, because the rogue does not have a GUI (Graphical user interface) component and no program is installed in the target computer. The fake scan is performed on an opened page in your web browser. Just like it has been mentioned previously, the page that pops that pops up into your browser looks like a GUI of a real antivirus program, and once the “scan” is complete, it displays a list of supposedly detected malware in a dynamic web page.
And this is where you come across with a peculiar feature of this rogue campaign. Unlike all the other rogues that urges the user to pay for a worthless program, this one does not want you to buy anything as of yet. With that we can presuppose that this new type of rogue is a prototype version of a new rogue antispyware product that might show up anytime soon. So keep your heads up, and do not take your system security lightly, because as we can see from this example here, the cyber criminals are always developing new tools in order to achieve their goals.