There is a new friend in the village. Many people thought that the fake antivirus (aka rogueware) business had declined, and it is true that for a few months rogueware infections were not that prevalent, mainly thanks to the efforts of law enforcement with the help of security companies, but it was only a matter of time before they came back. In recent weeks we have seen an increase in infections, and today I want to show you a new one that calls itself “Cloud AV 2012”.

Cybercriminals always try to confuse their victims, so they use names similar or identical to those of real antivirus products. In this case they have taken advantage of the famous Panda Cloud AV to do their trick. Once it is installed on your computer, it creates a link on your desktop to open the program, but you won’t need to use it: as soon as it is installed it opens itself and launches a system scan, which reports loads of malware found on your system. Of course that won’t be true, but they don’t care:

What any user would do here is to click on “Remove threats”, but once you click on it, a new window will pop up asking you to buy the product:

Of course, if you want to buy it you will be redirected to a web form where you can make the payment:

Of course, if you give your credit card details to pay the $52, you’ll get the code to unlock the fake antivirus… if you don’t, you’ll get a message every now and then telling you that you are still infected. And what’s worse, every time you try to run any program on your computer it will tell you that it is infected, so your computer will be useless.

So… what to do if you are already infected? You should start your computer in Safe Mode, go to and install the real Panda Cloud Antivirus to remove all the malicious files. Easy, isn’t it? 😉