Fake Antivirus Malware on the Rise

Paul_Lilly

We recently posted our annual antivirus shootout in which we compared 10 different AV suites, putting each one through a gauntlet of testing. One thing we found with the poorer performers is that they tended to allow malware to install a fake antivirus scanner on our test bed, imploring us to cough up our credit card to root out the infection. As it turns out, this is a pretty common method of attack.

According to a Google study, fake antivirus popups -- sometimes referred to as scareware -- now account for about 15 percent of all malware that Google detects on websites. The figure is the result of a 13-month analysis conducted between January 2009 and February 2010.

"As early as 2003, malware authors prompted users to download fake AV software by sending messages via a vulnerability in the Microsoft Messenger service. We observed the first form of fake AV attack involving Web sites, e.g. Malwarealarm.com, in our systems on March 3, 2007," the report says. "At that time, fake AV attacks employed simple JavaScript to display an alert that asked users to download a fake AV executable.

"More recent fake AV sites have evolved to use complex JavaScript to mimic the look and feel of the Windows user interface," the report continues. "In some cases, the fake AV detects even the operating system version running on the target machine and adjusts its interface to match."

It's not surprising we saw this firsthand. Google's research included studying some 240 million websites, in which the search giant found more than 11,000 domains distributing fake antivirus software. Caveat emptor.

