Virus writers are a tricky bunch, though their schemes are often glaringly obvious, at least to the tech savvy. The problem is, there are scores of users who don't fall into this category, and according to Symantec, there's a new ploy making the rounds that we have no doubt will be effective. It's called the AnVi Antivirus, and what it does is instruct victims to uninstall their AV software.
"Uncertified [AV program name] antivirus software detected on your computer. You need to remove [AV program name] software for correct operation of the Antivirus," the rogue popup reads. "Attention: If you don't remove [AV program name] software, the performance of your computer will dramatically degrade. Press 'OK' to remove the [AV program name].
At this point, it doesn't even matter if the user mashes the 'OK' button, the uninstall process will initiate regardless. Once removed, the malicious program then connects to a website to download its own supposed AV program, which as you might have guessed is a virus in sheep's clothing.