Tuesday, March 22, 2011

Kaspersky Lab warns of fake trial resetter app

Kaspersky Lab, a developer of secure content and threat management solutions, is warning users of key generators and software cracks that can steal information from computers.

The malware, identified as Trojan-PSW.MIL.Agent.wx, disguises itself as a "Kaspersky Trial Resetter", a tool that claims to reset a software evaluation period that has expired.

Instead of extending the evaluation period of legitimate software, it steals information from the infected computer, from passwords saved in web browsers to credentials held by other installed applications.

Kaspersky Lab said Microsoft's Internet Explorer is the browser most targeted by the Trojan, followed by Mozilla Firefox, Google Chrome and Opera.

The Trojan has so far stolen information from MSN accounts (400), Ebay accounts (175), Facebook accounts (169) and ICQ accounts (116), the company said.

"I hope these statistics will convince you that downloading pirated software is not a good idea," said Kaspersky Lab security expert Nicolas Brulez.

He added, "Users who thought they were downloading a crack for a security solution ended up being infected. It's also clear that saving your passwords within your browser isn't the best idea."

According to Brulez, a total of 1,109 computers -- an average of 48 a day -- were infected in 23 days. The malware was reportedly created on January 31 this year and was detected on February 6.

Germany is said to have the most infections (29%), followed by Holland (11%), France (3%), Poland and the United Kingdom (1% each). The remaining 55% are spread across the globe, Kaspersky Lab said.

Thursday, March 3, 2011

Nasty Fake Antivirus

According to multiple security researchers, fake antivirus software was one of the biggest cyber crimes of 2010 and continues to be a major on-line scam. When fake antivirus first appeared, it could really be categorized as "scareware" and was fairly innocuous. Fake AV popped up unexpectedly, told you that your system might be infected, and then launched a fake scanning engine. While some people were clearly duped, you could easily work your way out if you recognized the scam. No harm, no foul.

I recently saw a demonstration of a more modern version of fake antivirus. The bad guys have made this scam more effective and sinister. When the fake AV appears on your system now, you notice a steady progression with no way out. First, it shuts down your real antivirus and removes its icon from the system tray. It then shuts down any applications you have open, claiming that they may be infected. Finally, it blocks any file with a .exe extension so you can't launch any programs. This blocks all of the things you would normally try in order to alleviate the problem. I tried launching the pre-installed antivirus software to perform a system scan, opening Windows Task Manager to kill a process, and going into Windows tools to restore the system configuration to an earlier recovery point. All of these actions were blocked. Oh, and don't bother rebooting the system. This won't help either.

Basically, fake AV launches a denial-of-service attack, making your PC absolutely useless. It reminded me of the insidious pop-up spyware and adware from the early 2000s. With this type of attack, even users who know better are tempted to buy the fake AV in order to get their PC, and their precious data, back. If you can open a browser and are willing to fight on, there are numerous downloadable tools that claim to overcome fake AV. Guess what? Many of them are just another kind of malware. Cybercriminals know how to kick you when you are down.

If you do get infected, there is actually a relatively easy way out. Reboot the system into Safe Mode (press F8 while the PC boots), open System Restore from the System Tools folder, and restore the system to a recovery point created before the infection. Safe Mode matters because the fake AV's startup entries are not loaded there, so the .exe block that defeated you in normal mode is not in effect. Keep in mind that System Restore rolls back system files and the registry but does not necessarily delete the dropped malware files themselves, so when the restore completes I recommend updating Windows and doing a full system scan with your real AV immediately.
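The same recovery, driven from an elevated PowerShell prompt in Safe Mode instead of the System Restore wizard, as an added example that is not part of the original post. It picks the newest restore point that predates the infection rather than blindly taking the most recent one, which may itself have been created after the fake AV landed. The infection date, and the assumption that you are on Windows 7 with PowerShell 2.0 or later, are mine for illustration; the `Get-ComputerRestorePoint` and `Restore-Computer` cmdlets are standard.

```powershell
# Added example, not code from the original post.
# Run from an elevated PowerShell prompt after booting into Safe Mode (F8).
# Assumes Windows 7 / PowerShell 2.0+. The infection date is an assumption
# used for illustration; set it to the day the fake AV first appeared.
$infectedOn = Get-Date '2011-02-28'

# Restore points come back as Win32_SystemRestore WMI objects; CreationTime is a
# WMI datetime string, so convert it before comparing.
$candidates = Get-ComputerRestorePoint |
    Where-Object { $_.ConvertToDateTime($_.CreationTime) -lt $infectedOn } |
    Sort-Object { $_.ConvertToDateTime($_.CreationTime) } -Descending

if (-not $candidates) {
    throw "No restore point predates $infectedOn; System Restore cannot undo this infection."
}

# Newest point that is still older than the infection.
$target = $candidates | Select-Object -First 1
"Restoring to point #{0} '{1}' created {2}" -f `
    $target.SequenceNumber, $target.Description, $target.ConvertToDateTime($target.CreationTime)

# -Confirm prompts before the machine reboots into the restore.
Restore-Computer -RestorePoint $target.SequenceNumber -Confirm

# After the reboot, check that the restore actually succeeded before trusting the box:
#   Get-ComputerRestorePoint -LastStatus
# Then update Windows and run a full scan with your real AV (the scan command is
# vendor specific), because System Restore does not remove the dropped files.
```

If `Get-ComputerRestorePoint` returns nothing at all, System Restore was turned off before the infection and this route is closed; the remaining options are an offline scan from boot media or a rebuild.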

I've read a lot of research indicating that many users either don't use AV at all or don't really maintain it. You could say that these folks deserve to be scammed, but when their PCs become part of a global botnet it affects us all. The bad guys are very good at what they do. The only chance we have is to stay smart, share information, keep our systems up to date, maintain strong defenses, and remain vigilant.