Date: Sat, 18 May 2013 14:11:29 +0200
- Malware alert
SystemProtector fake antivirus and Banker.LSL banker Trojan
SystemProtector is adware that installs on targeted computers from a malicious Web page. If a user visits the page, a message is displayed informing them that they are infected and offering a free antivirus to fix the problem. However, if the user downloads the ‘antivirus’, they will be letting the SystemProtector adware into their system.
Once run, the adware carries out a false scan of the system and detects dozens of malware samples, which are actually not present on the PC.
It then offers users the option to eliminate the malware by buying a paid version of the fake antivirus.
You can find images of the process here:
“The ultimate goal of fake antiviruses is to get money for their creators by making users buy products that actually do nothing”, explains Luis Corrons, Technical Director of PandaLabs.
Banker.LSL displays a religious YouTube video while it carries out its malicious action (see image:
The Trojan uses keylogging techniques to capture the following:
* Keystrokes
* Mouse movements
* Mouse clicks
* Online forms filled in by the user.
The Trojan downloads a series of TXT files where it saves the information it has obtained, and tries to send them to an external host.