A fake Malicious Software Removal Tool using the actual icon of the legitimate software has been spotted by Trend Micro researchers.
At first glance, even the scanning alert looks pretty legitimate, but it’s the “Software searching” screen which signals that something might be off:
What? Well-known antivirus solutions are not able to remove the found malware, but Shield EC Antivirus can? Quick to the purchase! A click on the Finish button takes the victim to a billing page where a name, address and credit card number are required to buy the offered anti-virus solution, priced at $99,90.
It’s easy to see how this approach might fool the inexperienced computer user, but for those who know what warning signs to look for, there are two very obvious ones: the file size is way too small (412,672 bytes) and the tool is not digitally signed.
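The two warning signs above can be checked mechanically before a downloaded tool is ever run. The following is an added example, not code from the original article or from Trend Micro: it reads the PE header and reports whether the file is smaller than expected and whether it carries an embedded Authenticode certificate table. The function names, the `min_expected_size` thresholds and the sample bytes are assumptions constructed for illustration; the expected size of the genuine tool must come from the vendor.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def has_embedded_signature(data: bytes) -> bool:
    """True if the PE certificate table entry is non-empty (presence only, not validity)."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt_off = pe_off + 24  # 4-byte signature + 20-byte COFF file header
        magic = struct.unpack_from("<H", data, opt_off)[0]
        dirs_off = opt_off + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+
        count = struct.unpack_from("<I", data, dirs_off - 4)[0]
        if count <= SECURITY_DIR:
            return False
        offset, size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR)
    except (struct.error, KeyError) as exc:
        raise ValueError("truncated or malformed PE header") from exc
    # For this directory the first field is a file offset, not an RVA.
    return offset != 0 and size != 0 and offset + size <= len(data)

def triage(data: bytes, min_expected_size: int) -> list:
    """Return the warning signs from the article that apply to this file."""
    findings = []
    if len(data) < min_expected_size:
        findings.append("smaller than expected")
    if not has_embedded_signature(data):
        findings.append("no embedded signature")
    return findings

def build_sample_pe(signed: bool, total_size: int = 1024) -> bytes:
    """Constructed test input: a header-only PE32 skeleton, not a real program."""
    buf = bytearray(total_size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)        # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    opt_off = 0x40 + 24
    struct.pack_into("<H", buf, opt_off, 0x10B)    # PE32 magic
    struct.pack_into("<I", buf, opt_off + 92, 16)  # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", buf, opt_off + 96 + 8 * SECURITY_DIR, 512, 256)
    return bytes(buf)

if __name__ == "__main__":
    print(triage(build_sample_pe(signed=False), min_expected_size=4096))
    print(triage(build_sample_pe(signed=True), min_expected_size=512))
```

A non-empty certificate table only shows that a signature blob is present; it says nothing about who signed the file or whether the signature verifies. On Windows, `Get-AuthenticodeSignature` performs that validation.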