FakeAV.SecuritySuite is polymorphic rogueware. Once it is active in memory, the affected machine can no longer execute files with the .exe extension. Because it is polymorphic, the name of the dropped file changes with every execution. The file is executed when it is renamed to iexplorer.exe.
Below is a sample screenshot:
When FakeAV.SecuritySuite is executed, it performs the following activities:
After execution, it drops the following files:
C:\Documents and Settings\[User]\Local Settings\Application Data\[Random 6-8 Character Folder Name]\[Random 6 Character File Name].exe
To scare users into purchasing, it displays a fake security message. An example is below:
As with other forms of scareware, the ultimate goal is to frighten the user into purchasing the bogus software.
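A hunting check for the two file-system traits described above, the drop path and the iexplorer.exe name, run over process-creation records. This is an added example, not part of the original write-up; the log format, host names and sample records are constructed, and the alphanumeric character class for the random names is an assumption.

```python
import re

# Drop location from the write-up. Assumption: the random folder and file
# names are alphanumeric; the page only gives their lengths.
DROP_PATH = re.compile(
    r"^[A-Z]:\\Documents and Settings\\[^\\]+\\Local Settings\\"
    r"Application Data\\[A-Z0-9]{6,8}\\[A-Z0-9]{6}\.exe$",
    re.IGNORECASE,
)
# Name the write-up associates with execution. The genuine Internet
# Explorer binary is iexplore.exe, so this spelling is a lead on its own.
RENAMED_IMAGE = "iexplorer.exe"

# Constructed sample records: timestamp, host, image path of a new process.
SAMPLE_EVENTS = r"""
2010-03-02T09:14:07,WS-014,C:\Program Files\Internet Explorer\iexplore.exe
2010-03-02T09:15:41,WS-014,C:\Documents and Settings\alice\Local Settings\Application Data\qwmxtrb\kdpfwa.exe
2010-03-02T09:15:58,WS-014,C:\Documents and Settings\alice\Desktop\iexplorer.exe
2010-03-02T09:16:30,WS-022,C:\Documents and Settings\bob\Local Settings\Application Data\Vendor\Updater\update.exe
2010-03-02T09:17:02,WS-022,C:\WINDOWS\system32\notepad.exe
"""

def classify(image_path):
    """Return the list of indicator names that an image path matches."""
    hits = []
    if DROP_PATH.match(image_path):
        hits.append("drop-path")
    if image_path.rsplit("\\", 1)[-1].lower() == RENAMED_IMAGE:
        hits.append("renamed-image")
    return hits

def hunt(log_text):
    """Return (timestamp, host, path, hits) for every record with a hit."""
    findings = []
    for line in log_text.strip().splitlines():
        # Split only twice so commas inside a path stay in the path field.
        timestamp, host, path = line.split(",", 2)
        hits = classify(path.strip())
        if hits:
            findings.append((timestamp, host, path.strip(), hits))
    return findings

if __name__ == "__main__":
    for ts, host, path, hits in hunt(SAMPLE_EVENTS):
        print(f"{ts} {host} {'+'.join(hits)}: {path}")
```

A match on the path pattern alone is a lead to triage, since legitimate software can also install under Application Data; the pattern only fits an executable sitting directly inside a 6 to 8 character folder.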