MA-198.102009: MyCERT Alert - Beware of Cyber Protection Center or Cyber Security Rogue Security Software 1.0 Introduction Rogue security software is a form of malicious code that deceives users into paying for the fake or simulated removal of malware. MyCERT, through its Cyber999 service had received several reports recently from victims have mistakenly installed the Cyber Protection Center and Cyber Security rogue security software and were unable to remove it. Cyber Protection Center is actually a fake alert/pop-up that impersonates Windows Security Center and promotes a misleading security application called Cyber Security. This so-called protection center is essentially part of the Trojan activities and will continually remind user that the Cyber Security malicious software has not been activated. Please note that the legitimate Windows Security Center does not promote any anti-virus software. It only informs a computer user about system protection status. MyCERT would like to highlight that the Cyber Protection Center or Cyber Security rogue security software is NOT associated with, endorsed by, or sponsored by CyberSecurity Malaysia (http://www.cybersecurity.my), or it's Board of Trustees, and has NO official or unofficial affiliation with CyberSecurity Malaysia its Board of Trustees, or its membership. 2.0 Impact Computers that have been infected with the Cyber Protection Center will have the following symptoms: - Computer will become slow although no application is running
- Users will not able to browse to the internet since the web browser has been hijacked
- Genuine security tools such as antivirus software are unable to perform as their tasks
The following popup will also appear on the infected machine 
Based on the report that MyCERT had received, users were asked to pay the activation code in order to browse the Internet or remove the software 3.0 Recommendation If you see Cyber Protection Center pop-up on your computer, this means that your PC is infected either with Cyber Security rogueware or Trojan. In such case, please use the removal guide below to remove Cyber Security and related malware from your computer manually for free. MyCERT has tested the removal tool thoroughly in preparing this advisory. - Download MalwareBytes' Anti-Malware and install it. MalwareBytes can be obtained from the following URL:
http://malwarebytes.org/mbam-download.php
- During the installation, make sure both, Update and Launch MalwareBytes' Anti-Malware are selected
- Once installed, perform a quick scan on the machine and wait for the result
- When scanning is completed, click on Show Result
- Make sure all the detected malware has been selected and click on Remove Selected
- Close Malwarebytes' Anti-Malware and restart your computer
MyCERT advises users not to simply download and install any "FREE" security software or any software in any form (office documents, video codecs, flash applications etc) for that matter as they may contain malicious codes. MyCERT would like to advise users to update their operating systems and applications with the latest security updates. It is also very important to have an antivirus software installed and to ensure that its signatures are up-to-date. Users who receive suspicious emails, URL or installer can forward them to MyCERT for further analysis. MyCERT can be reached through the following channels: E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web : http://www.mycert.org.my 5.0 References |
