Story (and pictures) from the Panda Labs website (LINK: http://www.pandasecurity.com/emailhtml/oxygen/022809_ENG_in.htm (http://www NULL.pandasecurity NULL.com/emailhtml/oxygen/022809_ENG_in NULL.htm))

Anti-Virus-1: A new fake antivirus

Anti-Virus-1 is adware, specifically a "fake antivirus". As with all such adware, it is designed to simulate a scan of the computer, supposedly detecting thousands of strains of (non-existent) malware. The end aim is to sell users a pay version of the fake antivirus in order to eliminate the threats.

When run, this adware warns the user that the computer is not protected. The main screen displayed (http://www NULL.flickr NULL.com/photos/panda_security/3313653378/) is a spoof of the Window Security Center

It then pretends to scan the system for malware (http://www NULL.flickr NULL.com/photos/panda_security/3313653384/). If users do not immediately take the bait and buy the pay version of the fake antivirus, the malicious code will sporadically display a message reminding the user that the computer is infected (http://www NULL.flickr NULL.com/photos/panda_security/3313653386/)

In warning messages, and after the fake scan, a link is provided from which users can download the fake antivirus. Anyone clicking on the link will be redirected to a page like this (http://www NULL.flickr NULL.com/photos/panda_security/3313653390/).

Additionally, when infected users visit certain Web pages with comparative reviews of antivirus products, there will be redirected to a spoof page showing a review of an ‘antivirus’, called Antivirus2010, with functions and characteristics similar to Anti-Virus-1.

"By doing this, cyber-crooks hope that users will download this adware on their own initiative. This makes it far less likely that users will suspect that they have been infected and consequently more likely that they will buy the fake antivirus", explains Luis Corrons, Technical Director of Panda Labs.