Endpoint Protection

 View Only

Nort “what” AV? 

Sep 01, 2009 05:17 PM

Does the following screenshot look familiar to you? It sure does to us here at Symantec because it looks nearly identical to our Norton 2009 product. However, it is actually a misleading application we detect as Trojan.Fakeavalert.

imagebrowser image

The website that is used by the security risk to corral users to purchase rogue software looks suspiciously like our Norton site as well:

imagebrowser image

Besides using our brand name and Nortel's, there is another interesting trick that I thought would be worth a mention so no one gets fooled by this scam. Once infected with the security risk, the computer may suddenly explain that the user has a spyware infection and the following blue screen may appear:
imagebrowser image

After a while the screen shows that a memory dump has been taken and then the Windows XP logon splash screen appears before returning to the desktop:

imagebrowser image

But, the reality is that the malware is producing the video in full screen with the mouse and keyboard locked so that the user cannot take control the computer until the show ends. Note that Green Antivirus—which is another misleading application that was released at almost the same time as this one—shares the same programming code as Nortel Antivirus. Please don't be fooled into buying this software while thinking that it is friendly to the ecosystem!

imagebrowser image.


* Update - 25 September 2009

Nortel has contacted us to let us know that they have posted a security alert on their website to warn users about this threat. You can visit the Nortel security alert page here: http://www.nortel.com/corporate/alert.html.

0 Favorited
0 Files

Tags and Keywords

Related Entries and Links

No Related Resource entered.