FYI...
Rogue AV still finds a niche...
- http://www.threattracksecurity.com/i...l-finds-niche/
Oct 31, 2014 - "... recently observed the Asprox botnet distributing malicious spam – like the image below of a purported WhatsApp voicemail notification – with attachments infected with Kuluoz, a downloader for Asprox, that is used to drop affiliate payloads onto PCs.
WhatsApp spam delivers Kuluoz downloader dropping Rango Rogue AV:
> http://www.threattracksecurity.com/i...tsApp-Spam.jpg
Kuluoz dropping Rango - rogue AV from the Fakerean family of rogues:
> http://www.threattracksecurity.com/i.../10/Rango1.png
Once infected with Rango – which can dynamically change its name depending on the OS environment in which it is installed – it will begin alerting users that their machine is infected with malware and directing them to purchase Rango.
Rango generates dire warnings designed to scare users into purchasing false protection:
> http://www.threattracksecurity.com/i.../10/Rango3.png
Victims who make it this far hand over their credit card information...:
> http://www.threattracksecurity.com/i.../10/Rango4.png
Rango even goes as far as to create a fake Windows Action Screen to help persuade users into accepting it as a recognized and trusted antivirus program... Rango also stops users from running applications, falsely claiming they are malicious... users who mistakenly -pay- the ransom for Fakerean rogues typically download an .exe file which removes any fake files and stops blocking access to applications. Subsequent “scans” with the rogue typically will not show any future false detections. A ThreatAnalyzer dynamic malware analysis report of Rango is available here*."
* http://www.threattracksecurity.com/i...s-fakerean.pdf