Tritax family of NameChanger FakeAV found to have over 200 names


Security researchers claim that NameChanger FakeAV has used over 200 names, all related to the Tritax Fake AV family, which is known to have been active since May 2009.

Fox-IT security specialist Yonathan Klijnsma has carried out a detailed study of the NameChanger Fake AV, which is currently known to have three versions: NameChanger.A, NameChanger.B and NameChanger.C.

Klijnsma revealed that NameChanger.A, which first appeared as early as 2010, used at least 52 different names; NameChanger.B, which first appeared in May 2011, used at least 30 different names; and NameChanger.C, which is currently the active one, is known to have used 138 different names already.

The Fake AV is said to be spreading through social engineering kits. To lure gullible users into downloading it, the perpetrators are utilising malvertising, spam and compromised websites to host their social engineering kits.

Victims are shown fake screens – often with animations of dummy scanning processes – in which a warning states that the antivirus has found critical process activity, along with a list of known infections. Users are lured into clicking a ‘clean computer’ button; once it is pressed, the malware is downloaded along with an executable that hides it.

According to the security researcher, the perpetrators have registered as many as 200 domain names in the month of January alone to commit their crimes.

Read more on 0x3a blog here.