Tuesday, October 26, 2010

Microsoft Security Essentials Under Malware Threat

In a cruel twist of irony, Microsoft Security Essentials - a popular, free and very effective anti-malware solution - has found itself in the crosshairs of a new malware threat. Identified by security software firm F-Secure as Trojan.Generic.KDV.47643, the malware comes under the guise of innocuous hotfix.exe or mstsc.exe files. Considering them as regular updates, users unwittingly install these files, which then manifest themselves as Microsoft Security Essentials program, replete with the original logo for effect.

It then shows false positives to a long list of malware infections detected on the system. After that, it drops the names of popular anti-malware programs like Symantec, Trend Micro and Panda, suggesting them as being useless against these threats. The program then recommends AntiSpySafeguard, Major Defense Kit, Peak Protection, Pest Detector, and Red Cross - all fake anti-malware solutions - to remove the threats.

The F-Secure blog maintains that this whole exercise is to get users to install the suggested anti-malware software which will give the people behind this attack a backdoor entry to victims' systems. The best way to prevent falling prey to these attacks, according to F-Secure, is to download Microsoft Security Essentials from genuine Microsoft website or authorized download partners.