Freely subscribe to our NEWSLETTER

When run, this adware warns the user that the computer is not protected. The main screen displayed is a spoof of the Window Security Center (see image: http://www.flickr.com/photos/panda_security/3313653378/)

It then pretends to scan the system for malware. If users do not immediately take the bait and buy the pay version of the fake antivirus, the malicious code will sporadically display a message reminding the user that the computer is infected.

In warning messages, and after the fake scan, a link is provided from which users can download the fake antivirus.

Additionally, when infected users visit certain Web pages with comparative reviews of antivirus products, there will be redirected to a spoof page showing a review of an ‘antivirus’, called Antivirus2010, with functions and characteristics similar to Anti-Virus-1.

"By doing this, cyber-crooks hope that users will download this adware on their own initiative. This makes it far less likely that users will suspect that they have been infected and consequently more likely that they will buy the fake antivirus", explains Luis Corrons, Technical Director of PandaLabs.

Pinit.B. is a worm that displays the following screen after infecting a computer.

This worm makes a series of changes to the Windows Explorer settings. It also allows its creator to connect to the computer through Terminal Server.

Pinit.B can spread through shared and removable drives.

Werly.A, is a virus designed to infect executable (.exe) files. It is also designed to delete files with certain extensions, including DOC, TXT, XLS and ZIP.