Microsoft has warned users to be wary of sites promoting fake versions of its free Security Essentials anti-malware software.
In a blog posting on its Technet developer site, the company said, "One of the oldest tricks used by rogue antivirus products is to use a similar name as, or have a similar look and feel to, legitimate security software. It has been commonplace for them to mimic the Windows Security Center. So it was inevitable that the day would arrive when a rogue would masquerade as something similar to Microsoft Security Essentials."
The fake product, called "Security Essentials 2010", installs a fake scanner component, which monitors Windows running processes and attempts to terminate the ones it does not like, claiming that they are infected. The user is prompted to pay money to register the software to remove the non-existent threats.
Additionally, it lowers a number of security settings in the registry and changes the desktop background to display a message stating, "Your computer is infected."
The fake anti-virus software also blocks access to web pages on a number of genuine anti-malware sites, including:
TROJ_FAKEAL.SMDP (Trend Micro)