Wednesday, November 12, 2008 5:00 PM by mmpc
I hate rogues. I don’t mean the World of Warcraft character class; I’m talking about rogue security software. In case you haven’t heard the term before, this is software that tells you that your system is crawling with bad stuff (for free!) and then offers to remove it for you (that’ll cost you). Of course the stuff they report is completely bogus; they are incapable of finding any real malware. What’s more they can be very insistent, repeatedly displaying popup warnings that make it virtually impossible to use your machine unless you pay to “register” the program. Apart from extorting money from innocent people, which is bad enough, this behaviour adds to the amount of FUD (fear, uncertainty and doubt) in the online community. As a virus researcher who’s spent more than ten years fighting real malware, this annoys me.
我讨厌盗贼。当然我说的不是魔兽世界的人物角色,而是安全软件欺诈。此前你可能从未听说过这个术语,它是一种告诉你 你的系统充斥着恶意软件(免费的),然后向你提供清除服务(付费)的软件。当然报告中显示的恶意软件都是假的,因为它没有能力发现任何真正的恶意软件。更离谱的是,它们会不停的弹出警告框,这使得你几乎无法使用电脑,除非你花钱注册这个软件。除了向无辜的人敲诈钱财外(这种行为相当恶劣),它还增加了互联网交流中的FUD(恐惧,不可靠,怀疑)总量。这使得我(一个花费了数十年时间与恶意软件斗争的病毒研究人员)很苦恼。
Some even trade on the reputations of legitimate software vendors to help sell their scam. One such rogue that we’ve been seeing in high numbers is something we call Win32/FakeSecSen, and is this month’s addition to the Malicious Software Removal Tool (MSRT). FakeSecSen is a classic example of a rogue security scanner. It is distributed in a variety of different ways. One is through web sites that might look like this:
一些安全软件欺诈甚至利用了 合法软件厂商的名声 来实施。我们称 这类已经大量出现的欺诈软件为WIN32/FakeSecSen,并在本月 添加进 恶意软件清除工具(MSRT)。FakeSecSen是一类如安全扫描欺诈的行为。它以多种方式实现。一种是通过网页实现。如下图所示:
Another way is via malware that downloads the rogue directly. It is quite common for links to both the rogue web sites and the rogue downloaders to be distributed via spam.
另一种方式是直接通过下载回来的恶意软件来实现。比较常见的则是 网页欺诈和软件下载链接并存。
An interesting, but not unusual, characteristic of Win32/FakeSecSen is that it uses many different disguises. As well as further contributing to the level of FUD and making them harder to keep track of, this might broaden their appeal to a wider audience – while one person may be convinced by something called “Ultimate Antivirus”, another would be more likely to install “Vista Antivirus 2008”. It may even lead to the same person being duped by the same rogue more than once. Here’s a list of names Win32/FakeSecSen has gone by recently:
Win32/FakeSecSen一个常见且有趣的特征就是它使用了许多不同的伪装。除了提升FUD等级和难以追踪以外,还扩大了受害面 — 当一个人信任“Ultimate Antivirus”的时候,另一个人可能在安装“Vista Antivirus 2008”。这可能导致同一个人受到同一个欺诈软件多次欺骗。
下面的名单是Win32/FakeSecSen 最近使用过的软件名:
Micro Antivirus 2009
MS Antivirus
Spyware Preventer
Vista Antivirus 2008
Advanced Antivirus
System Antivirus 2008
Ultimate Antivirus 2008
Windows Antivirus
XPert Antivirus
Power Antivirus
Ultra Antivirus 2009
Each of these variants uses slightly different file and directory names, but underneath they are virtually identical. The most significant difference is immediately apparent when you run a couple of them:
每一个变种都使用了 稍微有点不同的文件名和目录名,但是实际上它们几乎一样。当你运行两个变种时最明显的区别表现在外观上:
he makers of this rogue have gone to significant effort to make it easy for them to change the look of their interface. Most of the interface elements are represented using GIF and JPEG images stored inside the file’s resources; in other words, it is “skinable”. For more examples of FakeSecSen’s various “skins”, have a look at our encyclopedia entry.
You may notice that some of FakeSecSen’s skins look similar to the Windows Security Center. This is no coincidence. FakeSecSen even goes as far as adding its own imitation Security Center applet to the control panel, usually called “MS AV”, which just launches the fake scanner.
Some say imitation is the sincerest form of flattery, but for anti-malware providers like Microsoft, the trust and confidence of our customers is vital and we hate to see anyone taken in by this sort of thing. So please use a real anti-malware product - check with an independent testing authority, like Virus Bulletin or AV-Test.org to make sure it’s legitimate.
欺诈软件的制作者们做了大量的工作以便软件可以轻易的改变外观界面。它们使用的大多数界面元素是作为资源存储在文件中的GIF和JPEG图。换句话说欺诈软件是 可换肤 的。
关于FakeSecSen皮肤的更多信息,参见我们的百科全书。
你可能注意到有些FakeSecSen的界面和Windows安全中心一样。这不是巧合,FakeSecSen甚至添加了自己的 模仿自安全中心的控制面板,通常称为“MS AV”, 这个面板仅仅弹出了伪造的扫描器。
有人说模仿是奉承最恳切的形式,但是作为如微软这样的反病毒软件提供者,客户的信任是至关重要的。我们讨厌任何人做这样的事情,所以请使用真正的反病毒产品 — 通过如Virus Bulletin或者AV-Test.org等权威的独立检查机构的检查来确保该软件是正当合法的
扫一扫
2161
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
