Here comes the 50th rogue from the WiniGuard rogue family.
Screenshot of AntiKeep application
The first variant of the family was WiniGuard, which was seen in the wild around October 2008. Initially this family came under the Innovagest 2000 SL group. They also had plans to come up with rogues for Mac, but these were never seen live in the wild.
You can see the traces of the file installed by this first variant on Lavasoft Malware Lab's page here.
We saw a very quiet period with no activity from this rogue family for a long time; a second variant came out in April 2009 and the third in June 2009. Later, they started mimicking Kaspersky Online Scanner 7.0 to scare users and push their rogue application.
Later we also observed that they used almost all of the fake/scare scanner page templates that are or were used by different families of rogue security applications to push their crap. After this we saw a steady stream of clones from this family. The family also left a message for the Sunbelt research team. Reports here and here.
With TRE AntiVirus they changed the GUI of the rogue application for the first time. Later they changed the GUI again with AntiAID.
Here is the complete list of rogue security applications from the WiniGuard family.
Quick Heal Cleaner
In MDL we keep the list of clones from this family updated. Follow this link here.
Will this gang end their malicious activity here?
Bharath M N