ESET Threat Blog
David Harley

More unflattering imitation

by David Harley Senior Research Fellow
March 17, 2011 at 3:54 pm

[Update: more information from ESET on this malware here.]

Last October, my colleague Tasneem Patanwala blogged about rogue antivirus masquerading as an ESET product. In that instance it was a product calling itself Smart Security, and Tasneem's blog includes lots of useful information about that particular malware, and fake AV in general.

Looking through my huge backlog of mail just now, I notice mail from Aryeh Goretsky, another of my colleagues, about a program calling itself E-Set Antivirus 2011. I'll be looking at in more detail later, but I can tell you now that it has nothing to do with ESET, which has not changed its name and does not have a product called Antivirus 2011. If you run across a site that's pushing it, it will tell you that you have active malware on your system (it uses a number of real malware names such as Zhelatin and Virtumonde, though not with ESET identifiers), or that your system or data are under attack by a keylogger or from a random IP address, or that you're using unlicensed software.

More information when I have it. (Hat tip to Randy Knobloch.)

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

.

This entry was posted on Thursday, March 17th, 2011 at 8:44 am and is filed under Aryeh Goretsky, David Harley, fake anti-malware; fake software, Rogue AV, Tasneem Patanwala. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

8 Responses to “More unflattering imitation”

  1. Randy Knobloch Says:
    March 17th, 2011 at 12:06 pm

    Awaiting more information as it arises.

  2. Neil J. Rubenking Says:
    March 17th, 2011 at 3:20 pm

    David – surprise! I was testing products using the latest reported phishing URLS from http://www.phishtank.com and one of them dropped the E-Set rogue.

  3. David Harley Says:
    March 17th, 2011 at 3:28 pm

    @Neil: small world. :)

  4. Kolor Says:
    March 19th, 2011 at 10:50 am

    Sorry for OT but is the RSS feed down?

  5. David Harley Says:
    March 19th, 2011 at 1:48 pm

    I don’t know, but there’ve been some changes to the web site that might have affected it. I’ll check.

  6. John Says:
    March 21st, 2011 at 7:48 am

    I receive ESET anti-virus through a Phoenix reseller that appears to have gone out of business.  Who do I contact to find out if my coverage will continue? 

  7. David Harley Says:
    March 26th, 2011 at 4:20 am

    That’s way outside my competence, I’m afraid. You can get contact information via the Support tab on the ESET main web page.

  8. Randy Knobloch Says:
    January 27th, 2012 at 2:10 am

    Spotted again >
     

Leave a Reply

Share |
Subscribe by Email
To receive new posts automatically through email, enter your email address:

Delivered by FeedBurner

Blog Search
Categories
Authors
Tags
Adobe autorun Botnet Conficker Cybercrime Facebook google Malware Microsoft patch Phishing privacy SC Magazine Security Social Engineering Spam Stuxnet The Register Twitter Virus Bulletin
Archives

Switch to our mobile site