You have probably heard people say that the world will come to an end in 2012, but not for this rogue FakeAV (read: XP Security 2012).
Fake AV software, also known as fraud AV, is one of the most popular kinds of malware seen these days. Although they were already present, the numbers of fake AV Trojans are rapidly increasing day by day, and the main motive behind them is to make quick money by enticing unsuspecting or novice users who fall into their trap.
So what does this XP Security 2012 do?
Upon execution, the malware throws up a window showing a lot of files as infected.
As you can see, the title says “Unregistered Version”, and if you click on any of the other tabs on the left-hand side, such as Personal Security or Proactive Defense, they will all be disabled and it will prompt you to enable or register your version of “XP Security 2012”.
Apart from that it will also keep throwing messages like “System in Danger” to create fear among the users.
Once the unsuspecting user clicks on “Register”, which is what the malware authors expect you to do, it takes you straight to a rogue site and asks you to provide your personal details, as can be seen below.
Once you enter these comes the most interesting part for the bad guys, as this is what they have been waiting for – “Money” – and to get it they ask you to provide your credit card details.
Apart from the above, the file also drops or copies itself into the following locations:
C:\Documents and Settings\Administrator\Local Settings\Application Data\g8v4b5de0b26j82m6ftqwv6f0aire
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\Administrator\Local Settings\Temp\g8v4b5de0b26j82m6ftqwv6f0aire
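
A triage check for the drop pattern listed above, as an added example that is not part of the original post: it walks each user profile and reports extensionless, random-looking file names that appear in both Local Settings\Application Data and Local Settings\Temp, and whether the two copies are byte-identical. The name pattern for similar samples, the function names and the sample tree are assumptions made for this example; GDIPFONTCACHEV1.DAT is not matched because GDI+ applications also create a font cache under that name.

```python
import hashlib
import re
import tempfile
from pathlib import Path

KNOWN_NAME = "g8v4b5de0b26j82m6ftqwv6f0aire"   # file name listed on this page
RANDOM_NAME = re.compile(r"[a-z0-9]{20,40}")    # assumed shape of similar names
DROP_DIRS = ("Local Settings/Application Data", "Local Settings/Temp")

def _candidates(directory):
    """Map name -> SHA-256 for extensionless, random-looking files."""
    found = {}
    if directory.is_dir():
        for entry in directory.iterdir():
            if entry.is_file() and (entry.name == KNOWN_NAME
                                    or RANDOM_NAME.fullmatch(entry.name)):
                found[entry.name] = hashlib.sha256(entry.read_bytes()).hexdigest()
    return found

def find_dropped_copies(profiles_root):
    """Return {profile: [(name, identical_content)]} for names in both drop dirs."""
    hits = {}
    for profile in sorted(Path(profiles_root).iterdir()):
        if not profile.is_dir():
            continue
        appdata, temp = (_candidates(profile / d) for d in DROP_DIRS)
        shared = sorted(set(appdata) & set(temp))
        if shared:
            hits[profile.name] = [(n, appdata[n] == temp[n]) for n in shared]
    return hits

def build_sample_tree(root):
    """Constructed test data: one profile with the pattern, one without."""
    for profile, dirs in (("Administrator", DROP_DIRS), ("Guest", DROP_DIRS[:1])):
        for d in dirs:
            folder = Path(root) / profile / d
            folder.mkdir(parents=True)
            (folder / KNOWN_NAME).write_bytes(b"constructed placeholder bytes")
        cache = Path(root) / profile / DROP_DIRS[0] / "GDIPFONTCACHEV1.DAT"
        cache.write_bytes(b"constructed cache bytes")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_dropped_copies(tmp))
```

On a live system, point `find_dropped_copies` at `C:\Documents and Settings` so that every profile is checked, not only Administrator.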