SFX Fake AV is an interesting piece of scareware roaming around, attempting to swindle gullible users into forking over dough by claiming they’ve been busted for violating copyright laws and threatening that they may be sued for violating SOPA legislation despite the bill being shelved earlier this year.
According to The Register, SFX Fake AV displays a dialog to the end-user stating that it found illegal torrent links on their PC and, interestingly enough, offers to help solve the problem by activating an “anonymous data transfer protocol” for the torrent links.
That comes after SFX Fake AV disables any legitimate antivirus software installed on the machine, stops Process Explorer (procexp.exe) and keeps any browsers from loading to force the user into supplying payment information.
In addition to holding the compromised system hostage and offering an alleged way to evade authorities while downloading illegal torrents, SFX Fake AV also performs a bogus system scan that identifies the Windows Registry Editor (regedit.exe) as a “porn tool.”
Bruce Harrison, VP Research at Malwarebytes, whose free scanner first detected SFX Fake AV, told The Register, “SFX Fake AV is morphing at a relatively fast rate, so it is something that signature-based vendors will have to watch out for as there will be an increasing number of variants in the wild. Also, the use of Dropbox as a delivery mechanism is something that the industry is going to have to take into account and protect against, as it is an emerging trend.”