“Illusion is needed to disguise the emptiness within.” – Arthur Erickson

I thought this was the perfect quote for fake anti-malware software or FakeAlert threats. FakeAlert malware imposes an illusion of protection on its users, but all thats within is an empty hollow inside. It has become a common sight for malware to be spoofing program file resources such as icons or company information from other legitimate software. One of the most spoofed resources are Microsoft file properties such as company information or icons from programs “calc.exe”, “notepad.exe”, even Windows folder icons. Why would they do this ?

It is easy for less- computer-savvy users to trust that a program is legitimate based on visible features of a file, such as its icon or file properties. Its a nice facade for malware to slip through. We recently came across a FakeAlert threat that attempts to disguise itself as a McAfee product using a spoofed McAfee icon. Perhaps FakeAlert malware authors are taking notice of McAfee as one of the world’s most trusted security companies.

Call it social engineering or just another sneaky attempt to get by. The bottom line is, looks are deceptive so don’t trust everything you see whether its a resource icon or company information in the file properties. This FakeAlert malware that brands itself  as “AntiVirus Pro 2010” is all but a spin off of FakeAlert-XPSecCenter (aka WinreAnimator amongst its many re-branded names).

The following are some updated snapshots of FakeAlert-XPSecCenter:

Please beware of this FakeAlert variant and it is not in any way related to McAfee products. Safe Surfing !!