Kaspersky: Fake Antivirus Scareware on the Rise
Fake antivirus software masquerading as the real deal is quickly becoming one of the oldest (and most used) tricks in the malware manual, and for good reason. It's easy to dupe less savvy computer users, especially as these bogus programs have become adept at looking the part. The latest one making the rounds is a false AV scanner called Antivirus 8.
"Over the last few days, we received numerous reports of computers infected with fake antivirus (scareware)," Roel Schouwenberg, senior antivirus researcher for Kaspersky, wrote in a blog post. "The name of this particular culprit is Antivirus 8."
According to Schouwenberg, fake pop-ups related to the bogus application were appearing on users' systems while they were not actively using their PCs. Instead, the pop-ups were running as soon as ICQ began fetching and displaying new ads. As Schouwenberg explains it, the malware writers went to the trouble of setting up servers that appear to be related to actual retail products, so to outsiders (like Kaspersky) looking in, it appears the 'store' was simply the victim of an attack, and the dirty ads keep rolling.
"By making it look like their server got compromised, the criminals can claim it isn't them who's responsible for distributing the malware," Schouwenberg explains. "But rather someone else who hacked their server to spread malware. The ad distributor is very likely to simply give them a warning, which gives these criminals at least one more shot at infecting more machines."
How it works isn't really important here, as none of this is going to matter to inexperienced users in the first place. Instead, now might be a good time to remind family and friends -- the ones who seem to ring your number every couple weeks with a new computer problem -- not to fall for fake AV scams.

Image Credit: Kaspersky
Comments
andrewc513
January 26, 2011 at 9:56pm
"On the rise"? Again? These things have been equally rampant in hundreds of variants for the past few years (Antivirus 2008, anyone?), I always get a chuckle when articles claim they're "on the rise". But I'm sure it's more apparent since I'm a PC technician...
It's an easy fix after you've done it once or twice, even the newer ones that infect the MBR. The MBR-infecting rogues have chilled out in the past month, and I'm mostly getting the easy ones in my shop.
And in reply to Blues: Yep, there's no limit to the crap. WhiteSmoke translator, for example. That one paves a pathway for the Alureon rootkit. The rogue utilities are the scariest for my clients because they **claim** data loss rather than simple infections. Totally bogus to a keen eye, but end-of-the-world-scary for your average user.
mesiah
January 26, 2011 at 11:05pm
Personally I would consider them on the rise. While they have been around for years, you used to have to go to some shady sites or stumble upon a site that has been hacked to get infected. Now they are being distributed through major ad programs. I have had several people report infection while surfing major mainstream web sites. I myself actually got hit with it while browsing Gizmodo on a test machine.
It is a fairly easy fix, and I am usually not affected thanks to adblock and noscript. But I have gotten more than a few panicked calls in the past month because of this crap. That's just my experience though, I guess it could be a coincidence.
jjroid
January 26, 2011 at 12:07pm
HA! My friend just came over to my apartment last week because he downloaded this!
Blues22475
January 26, 2011 at 11:30am
It's not just fake anti-viruses now; I've seen some computers infected with a virus that was masquerading as a 3rd party defragmentation program.
In regards to Anti-Virus 8 I've seen a couple of variants but removed them all the same. The variants I've seen usually had booting issues associated with it. I would have to use Fixboot and Fixmbr to get the machine to boot, then when I am able to do so Anti-Virus 8 pops up straight away (even in Safe Mode).