Earlier this year, I predicted this would be the year of the rootkit. So far it’s turned out to be the year of the Fakeware. I've written about Rogue/Suspect Anti-Spyware products. Spywarrior, Suzi Turner, wrote last December about the Top Ten rogue anti-spyware in 2005. SpyAxe topped the list, and variations of this scheme have continued to spread throughout the year.
The newest culprit is called VirusRescue, and it’s not hard to get infected. The scheme goes something like this. You’re tipped off about a cool, funny or adult video that you really want to see. When you go to view the video, you’re told you need to download a “codec” which is required for that particular video format. This isn’t unusual, except that this video codec infects your system.
A few minutes later you’ll receive your first pop-up alerting you that a virus has been detected. Of course, you can remove the virus by purchasing VirusRescue for $29.95. The VirusRescue web site looks legitimate, and someone who claims to represent the company says it’s not Fakeware. (More Info at Security Cadets)
There is some real evidence that VirusRescue is just another version of other rogue programs like SpyAxe, SpyFalcon, SpywareStrike, WinAntivirusPro, SpyHeal etc… (More Info from SecurityTicker)
For a complete forensic trace of all the bad guys and their names…(Info from B.I.S.S. Portal)
WinPatrol users have reported some of the following most common filenames popping up so Scotty can remove them: ISAddon.dll, IESPlugin.dll, ISAmini.exe, ISAMonitor.exe.