Windows XP: Upgrade Guide
Defru malware, posing as an anti-virus software, is affecting Windows users in Russia, states Microsoft

Researchers at Microsoft have detected a new, relatively simple rogue anti-virus variant called Defru that attacks Windows users, and blocks them from accessing popular websites on the internet.

The malware, detected as Rogue:Win32/Defru, masquerades as a genuine anti-virus program, and initiates fake scans within Windows computers.

This malware creates a fake threat page looks like a warning prompt from an anti-virus company, and asks users to pay to obtain the full virus removal solution from the company.

The rogue program also displays a high-alert prompt that deceives users into paying for the fake anti-virus software.

"When the user is browsing the Internet, the rogue will use the hosts file to redirect links to a rather infamous specific fake website that is often used in social engineering by fake antivirus malware," states Daniel Chipiristeanu, an anti-virus researcher at Microsoft's Malware Protection centre (MMPC).

Russia

Chipiristeanu says the Defru malware is currently targeting Russian Windows users, a fact evident by a fake virus alert that he received (below) which is written in Russian.

New 'Defru' Rogue Anti-Virus Solution Affecting Windows Users in Russia, Cautions Microsoft
Microsoft Malware Protection Center

The translation of the Russian warning reads:

"Detected on your computer malicious software that blocks access to certain Internet resources, in order to protect your authentication data from intruders the defender system Windows Security was forced to intervene."

An important aspect to note at this juncture would be the fact that systems targeted by Defru, will be forced to display the fake virus alert (as explained above) every time users navigate to their favourite (or popular) websites.

The so-called anti-virus scanner even displays a list of fake malware which it claims have been found within the computer.

Since Defru constantly bugs users with fake virus/malware alerts, users may be compelled to click on the 'Pay Now' option that is generally displayed in the fake alert window.

Users who do press the Pay Now button are redirected to a payment portal called Payeer and Microsoft states that even after paying for the service, computer systems are not free of Defru.

New 'Defru' Rogue Anti-Virus Solution Affecting Windows Users in Russia, Cautions Microsoft
Translated fake scanner page Microsoft Malware Protection Center

Combating Defru

"The users can clean their system by removing the entry value from the "run" registry key, delete the file from disk and delete the added entries from the hosts file," states Chipiristeanu.

Chipiristeanu also cautions Windows users not to fall prey to paid anti-virus software. He warns people to make thorough investigations before paying for any particular digital security solution.

Windows users can view various additional technical aspects about Defru by clicking here.