Monday, May 2, 2011

TROJ_FAKEAV.BSM

This Trojan has an increased potential for damage, propagation, or both. Specifically, it is related to an attack that involves blackhat SEO poisoning of Google Image search results.

This Trojan poses as legitimate antivirus software using various commercial names. Similar to other FAKEAV variants, TROJ_FAKEAV.BSM also displays several graphical user interfaces (GUIs) to users in an attempt to convince them of system infection and to purchase this purported cleaning software.

It gathers sensitive information from users if they choose to purchase the product. The information gathered includes credit card and contact details.

This Trojan may be downloaded by other malware/grayware/spyware from remote sites.

It deletes itself after execution.

It employs registry shell spawning by adding certain registry entries. This allows this malware to execute even when other applications are opened.
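A defender can check for this persistence method by auditing the open handlers of executable file classes. The following is an added example, not part of the original write-up: it parses saved `reg query` output and flags handlers that no longer hold the stock `"%1" %*` command. The key paths are the generic Windows locations for this technique, assumed here because the description does not list the entries this variant adds; the sample output, class name and file path are constructed.

```python
import re

BENIGN_COMMAND = '"%1" %*'  # stock handler: run the file the user opened
EXEC_CLASSES = {"exefile", "comfile", "batfile", "cmdfile"}  # assumed watch list
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample of `reg query` output; the path and class name are made up.
SAMPLE = r'''
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    "%1" %*

HKEY_CURRENT_USER\Software\Classes\.exe
    (Default)    REG_SZ    sample_class

HKEY_CURRENT_USER\Software\Classes\sample_class\shell\open\command
    (Default)    REG_SZ    "C:\Users\user\AppData\Local\sample.exe" /START "%1" %*
'''

def parse_reg_query(text):
    """Turn `reg query` text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return keys

def find_shell_hijacks(text):
    """Return (key, data, reason) for executable-class handlers that were altered."""
    keys = {k.lower(): (k, v.get("(Default)", "")) for k, v in parse_reg_query(text).items()}
    watched, findings = set(EXEC_CLASSES), []
    # Pass 1: an .exe extension mapped to anything but exefile redirects every launch.
    for low, (key, default) in keys.items():
        if low.endswith("\\.exe") and default.lower() != "exefile":
            watched.add(default.lower())
            findings.append((key, default, ".exe remapped to another class"))
    # Pass 2: open handlers of watched classes must still be the stock command.
    for low, (key, default) in keys.items():
        parts = low.split("\\")
        if parts[-3:] == ["shell", "open", "command"] and parts[-4] in watched:
            if default != BENIGN_COMMAND:
                findings.append((key, default, "open handler replaced"))
    return findings

if __name__ == "__main__":
    for key, data, reason in find_shell_hijacks(SAMPLE):
        print(f"{reason}: {key} -> {data}")
```

Per-user entries under `HKEY_CURRENT_USER\Software\Classes` take precedence over the machine-wide ones, so both hives need to be captured before running the check.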

It displays fake alerts that warn users of infection. It also displays fake scanning results of the affected system. It then asks users to purchase it once scanning is completed. If users decide to purchase the rogue product, they are directed to a certain website asking for sensitive information, such as credit card numbers.
