Flash-based rogue AV targets users
“The page uses Flash making it look more convincing with realistic icons, progress bars, and dialog boxes,” according to the researchers. “Unsurprisingly, the fake antivirus detects plenty of viruses. Decompressing the Flash file and analyzing it shows a huge list of files contained within it.
The Flash movie then simply picks some of these at random and claims they are infected (with equally random virus names).” Users are then offered the option of removing all the found malware. If they choose not to, they are bombarded with warnings about an imminent system crash and urged to change their decision.
If they choose to remove the malware, they are offered a “Windows Risk Minimizer” for downloading and, once run, the fake solution appears legitimate. It also runs a scan and finds the system is overrun with malware. If users still fail to proceed to buy a subscription for the solution and close the window, the fake AV will vex them with pop-up warnings and balloon messages indicating a program was blocked from stealing data, identity theft is in process, or threats of prosecution.
It then claims the problems can be solved by buying a lifetime subscription and support for the fake AV for $99.