"By the time a user downloads and runs [Microsoft Safety Scanner] to detect malware, the machine may have already been infected, if it was vulnerable to the exploit at the time," acknowledged Wu and Faulhaber.
Alureon made news in February 2010 when Windows XP systems infected with the rootkit were crippled after a Microsoft security update. And Winwebsec, as Microsoft called the line of phony antivirus software that dupes victims into paying for the worthless program, has been linked to MacDefender, the scareware that's been plaguing Mac users all month.
Safety Scanner, which replaced an older online-only tool, uses the same technology and detection signatures as Microsoft's free consumer-grade Security Essentials antivirus program and its Forefront Endpoint Protection product for enterprises.
Sign up for CIO Asia eNewsletters.