Kristy Ross, suspected ringleader of a "scareware" scam that tricked over a million consumers into buying software to remove malware detected by fake antivirus scans, has been ordered to pay more than $163 million in damages, the Federal Trade Commission announced. The court also permanently barred Ms. Ross from selling security software of any kind, as well as any software that might interfere with a consumer's computer use or engage in any form of deceptive marketing.
Fake antivirus is by no means a recent phenomenon. In fact, it has been around for ages, with the first documented instance of fake antivirus reportedly dating back to 1989. Of course, it has become much more widespread over the past few years. But in case you needed reminding that rogue antivirus software continues to be a threat, security firm Websense has just the reminder for you.
How many times have you been called to fix a PC that was infested with malware, only to discover that the user fell for one of the oldest tricks in the malware Bible, fake AV and utility programs? It's a common occurrence because, well, it simply works. Fake AV programs disguised as legitimate security software are getting tougher to discern from the real deal, and that's bad news for less savvy computer users. Security vendor McAfee put together a "Dirty Dozen" list of the most common fake AV software and utilities, and some of the entries might just surprise you.
Fake antivirus software masquerading around as the real deal is quickly becoming one of the oldest (and most used) tricks in the malware manual, and for good reason. It's easy to dupe less savvy computer users, especially as these bogus programs have become adept at looking the part. The latest one making the rounds is a false AV scanner called Antivirus 8.
"Over the last few days, we received numerous reports of computers infected with fake antivirus (scareware)," Roel Schouwenberg, senior antivirus researcher for Kaspersky, wrote in a blog post. "The name of this particular culprit is Antivirus 8."
According to Schouwenberg, fake pop-ups related to the bogus application were appearing on users' systems while they were not actively using their PCs. Instead, the pop-ups were running as soon as ICQ began fetching/displaying new ads. As Schouwenberg explains it, malware writers went through the trouble of setting up servers that appear to be related to actual retail products, so to outsiders (like Kaspersky) looking in, it appears the 'store' was simply the victim of an attack, and the dirty ads keep rolling.
"By making it look like their server got compromised, the criminals can claim it isn't them who's responsible for distributing the malware," Schouwenberg explains. "But rather someone else who hacked their server to spread malware. The ad distributor is very likely to simply give them a warning, which gives these criminals at least one more shot at infecting more machines."
How it works isn't really important here, as none of this is going to matter to inexperienced users in the first place. Instead, now might be a good time to remind family and friends -- the ones who seem to ring your number every couple weeks with a new computer problem -- not to fall for fake AV scams.