SpywareStrike, one of the most infamous corrupt anti-spyware programs ever, has just got a brand new clone – SpyFalcon. This new application looks and works in the same manner as SpywareStrike. Furthermore, it is very similarly distributed. SpyFalcon, the same named trojan, which seems to be a variant of SpyAxe and SpywareStrike parasites, is silently installed on victim computers through insecure web sites and malicious advertisements. Some resources even use the WMF exploit to drop the trojan without user interaction.
The parasite began to spread yesterday. However, considering how rapidly its predecessors were spreading, it is only the matter of time, when a new epidemic will start. We have received the information that thousands of computers around the world have being already infected.
SpyFalcon infection symptoms are almost the same as SpywareStrike’s. Once installed, the parasite displays the system tray icon, which mimics a similar legitimate icon related to the Windows Security Center. This icon continuously pops up a fake warning message stating that the compromised computer is infected with spyware parasites. The text in a message may vary, but its purpose is always the same. It works as a link leading to Internet resources distributing SpyFalcon. The trojan may also change the Internet Explorer default home page and redirect the web browser to malicious web sites.
Currently there is no detailed information about the new threat. 2-Spyware.com is investigating the parasite. However, we already provide SpyFalcon manual removal instructions. Although these are not complete, they should help partially removing the trojan and the same named corrupt spyware remover. Please standby for more information.