Select Page

Patrick Jordan found this malicious little nugget today: Internet Security 2010. It’s a rebranded clone of Advanced Virus Remover, a rogue security product that we first found in June (Sunbelt Rogue Blog entry here.)


It’s one of your run-of-the mill rogues, using run-of-the mill scare tactics, except its payment screen contains a static graphic that imitates the McAfee Secure certification.

Copy of InternetSecurity2010_McAfeeSecure_Tested

A real “McAfee Secure” certification is a DAILY certification, it contains the date and its logo should look like this:

Real McAfeeSecure tested

When you click on it, it should take you to the McAfee Secure rating verification page: that gives the name of the certified web site and the “Status.”

McAfee return

More info about the program here.

VIPRE catches the installer that is also the rogue’s exe module:


While the rogue is active it also blocks all other applications.


The list of download sites for Internet Security 2010 is the same VX Cactus group that ran the vxgame malware operations from Jan 2005 until Nov 2008:

Thanks Patrick.

Tom Kelchner