Fake AntiVirus Programs – Criminals lure users to malicious sites and scare them into paying for fake threat removal tools

Fake AV, or Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This malware, with over half a million variants, uses social engineering to lure users onto infected websites through a technique called blackhat Search Engine Optimization. Fake anti-virus software (also known as scareware or rogue anti-virus) continues to be a big problem.

Once the Fake AV is downloaded onto the user’s computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats. The Fake AV will continue to send these annoying and intrusive alerts until a payment is made.

The great threat of Fake AV is the risk to victims’ personally identifiable information, which is extracted and exploited by the affiliate networks that publish this malware.

Here are some of the recent developments with Fake Antivirus programs:

  • Fake anti-virus poses as free McAfee VirusScan
  • Google Talk used to distribute Fake AV – Services like Gmail have transformed simple web mail and messaging into fully integrated platforms – and increased the risks of socially engineered attacks.

I just came across another instance of a long-running spam campaign pretending to be a message from the user’s ISP telling them to run a file from a web link to update their email program settings. The download led to a fake anti-virus variant that was very realistic.

Dear Customer,

This e-mail was sent by yourISP.com to notify you that we have temporarily prevented access to your account.

We have reasons to believe that your account may have been accessed by someone else. Please run this file and Follow instructions:


(C) YourISP.com

Aside from its sophistication in trying to remove your valid antivirus as well as being distributed through an email, today’s sample of fake anti-virus looks and behaves like most others. It has an annoying habit of rebooting your workstation every 15 minutes or so.


About SCB Enterprises
System Solutions and Integration
