Peaches
Posted April 27, 2011

DLL-Based FAKEAV Returns, in the Wild Again

6:57 am (UTC-7) | by Roland Dela Paz (Threat Response Engineer)

In our previous FAKEAV white paper, we presented how Trend Micro researchers tracked down the evolution of FAKEAV and followed its development behaviorwise from one generation to the next. One of the earlier generations (fourth, to be exact) in the paper comprises DLL-based FAKEAV—fake antivirus that use a .DLL file to perform all of their malicious routines to primarily avoid easy termination. A few months ago, however, we saw this particular generation again making its rounds in the wild in the form of TROJ_FAKEAV.BTV.

In terms of appearance, fourth-generation FAKEAV variants are not particularly different from earlier generations. However, in the background, fourth-generation FAKEAV variants are characterized by the considerably big file size of their DLL components (TROJ_FAKEAV.BTV samples are around 1.50MB in size). This is because the fake pop-up warnings, GUIs, and other scareware modules are all found in the DLL. (more…)

plus screenshot: http://blog.trendmicro.com/