New Rogue: UserProtection

by LS Anders on March 19th, 2010 in Rogues, Security Alert.

UserProtection is a new rogue anti-virus application. It is a clone of PaladinAntivirus.

UserProtection is spread through fake codec pages. The user is told to download a certain codec to view online videos. However, the downloaded file will not install any codec - it will launch the download of UserProtection. Once installed, UserProtection will start claiming that the system is under attack; this is to try to get the user to license the application.

Ad-Aware will detect UserProtection as Win32.FraudTool.UserProtection and Win32.FraudTool.PaladinAntivirus.