Security news and informationVirusBurst bursts onto the scene as the latest rogue anti-spyware app.
I keep a close eye on the various infector files that install the many rogue anti-spyware applications that are on the market and recently there has been a lull in new releases. Where before a new infector would be released almost daily, it has been a couple of weeks since a new variant has been released. Why? Because our good friends at:
Burst Technology GesmbH
Judi Stewart (judi.stewart@gmail.com)
Davidgasse 87
Vienna
null,A-1100
AT
Tel. +431.3365073
have been designing a new variant called VirusBurst.
VirusBurst Screen
Don’t let the name fool you, though, this is just the same old rogue anti-spyware wrapped into a new disguise. VirusBurst is also from the same makers of SpywareQuake, SpyFalcon, SpyAxe, SpywareStrike, etc, etc.
This latest incarnation currently uses the C:\Windows\System32\eowygj.dll file to infect you. Once loaded it will download VirusBurst and install the software without permission while displaying fake security alerts like the one shown below. VirusBurst’s security alert contains the text “System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click this baloon to get all available software.” When you click on this fake alert it will bring you to hxxp://www.virusburst.com/?aff=321.
One of the things I find most amusing about these programs are that they detect the file that is used to download and install it as a Trojan. Take a look at the above screen shot of VirusBurst. Notice how it detects C:\Windows\System32\eowygj.dll and says it’s a trojan. Talk about deceptive tactics huh?
Fake Security Alert from VirusBurst
By tomorrow the various rogue anti-spyware removers will be updated to remove this variant. Until these tools are updated, though, we have put together a removal guide which can be found here:
