
Samantha Geimer

Răzvan LIVINTZ

September 29, 2009


In yesterday’s post, I described how spammers chose to advertise drugs by exploiting the reader’s avid curiosity. In less than 24 hours, as I predicted, malware authors thought it would be a good idea to take their share of the entire arrest story.

Early this morning, several maliciously crafted Web sites were still appearing on the first results pages that search engines display when queried about the filmmaker’s fate.


When clicked, the links automatically redirect the browser to several Web sites registered on .cn domains that host the newest member of the rogue family, Total Security Rogue, detected by BitDefender as Trojan.FakeAV.SQ.


Its behaviour is similar to that of its “relatives”: XP Antivirus, Antivirus 2009, AV360 or Personal Antivirus. When the user lands on the malware distribution Web page, the browser window is automatically minimized and, at the same time, a warning message is displayed, notifying the user about several computer infections and the availability of Total Security.

By clicking either the OK or the Cancel button of the several pop-up windows invading the screen, the user triggers a fake movie that plays in the restored browser window.


The movie mimics an ongoing scanning process that supposedly detects malware on the system. For more credibility, the e-criminals added a “Your Info” panel on the left side of the phony My Computer Online Scan window, which displays details about the IP, country and city of the user’s machine.

Total Security Rogue modifies the registry settings, asks the user to buy or renew a license and downloads additional rogue applications. These are also responsible for the fake alerts it displays while claiming to scan an allegedly compromised system.
