Site icon Emsisoft | Cybersecurity Blog

Malware Alert: “Defru” Rogue Performs Fake Scan in Browser


Rogue Alert!

A new browser-based rogue security scanner Microsoft has named Rogue:Win32/Defru pretends to find malware on your computer, attempts to sell you fake security products, and prevents you from connecting to over 300 common websites – many of which belong to companies that sell legitimate security products. Those familiar with rogue security products will know that such capabilities have been employed by attackers for years; however, Microsoft reports that Defru is notable due to its simplified, browser-based approach.

Defru Play-by-Play

Defru modifies the infected PC’s hosts file, which is responsible for website navigation. If the user attempts to navigate to one of more than 300 websites Defru has been designed to recognize, they will instead be redirected to an infamous “PC Defender” rogue site: pcdefender[.]co[.]vu.

Users need not download anything from PC Defender to be scammed. Rather, the website simply displays a graphic that looks like a scan within the website’s browser window. The “scan” then pretends to find malware as it runs, and cites a number of fake malware variants. After “finding” these threats, the website offers malware removal, for a fee which can be paid via credit card at Payeer.com.

How Can I Tell If I’m Infected?

If you try to navigate to a normal website but are instead redirected to a site like the one pictured above, you may be infected by Defru. Note: your navigation bar will display the website you typed into it, not pcdefender[.]co[.]vu.

Microsoft has prepared a full report on Defru, which includes a list of all the websites it can perform redirects on here. Presently, emsisoft.com is not part of that list. This means that if you suspect your computer has been infected, you can navigate to support.emsisoft.com to receive assistance from one of our malware removal experts. Alternatively, advanced users can find removal instructions at the end of this blog post from Microsoft malware researcher Daniel Chipiristeanu.

Have a great (rogue-free) day!

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

 

Exit mobile version