After years of rogue antivirus and antispyware products, scaring users by tens or hundreds non-existing infections it seems that there is new way how to rip off computers user -  we have noticed malware pretending to be “Antipiracy client scanner ”. This software, when executed, blame victim of copyright violation and offers “solution” – if you pay certain amount of money, you will get right to amnesty…

Let's have a closer look at this piece of "software".

Distribution:  The way how the executable is delivered might vary, in our particular case it was downloaded by rogue antivirus.

Upon download, there is bunch of files extracted to the %APPDATA%\ IQManager folder and file named iqmanager.exe is executed then there is connection attempt made in order to obtain further information and localized content.  Yes, main parts of application are quite well localized (you can even change the language)  it is not  poor machine translation we might see in some SPAM emails or rogue products.

To increase credibility, application claims relation to the MPAA, RIAA and The Copyright Alliance. There is also information about  computers’ public IP (or IP of ISP in most cases) displayed and you can even reach localized “Copyright law of the European Union” by clicking on the icons under Lawsuit preview.

A victim of this fraud is offered to “Pass the case to court”…

…or “Settle case in pre-trial order”  and pay $399.85 for amnesty. User is asked to fill in credit card detail and despite the fact form is not connected to any transaction system, sensitive data are sent to bad boys to be missused later.

Malware is detected by the AVG as “Trojan horse FakeAlert.RF” and related website is blocked by the AVG LinkScanner.

Ondra Novotny

Read more here: AVG | Top Threats

Tags | AVG virus alert