Fake Anti-Virus is Back and Harder to Spot
By: Nick Clayton, The Wall Street Journal
There seemed to be a real decline in the number of fake anti-virus programs. The number of daily infection attempts fell to around 10,000 in early November compared with 50-60,000 in June according to Russian security company Kaspersky Lab.
However eWeek reports that the lull may only have been temporary and criminals are getting better at accurately copying legitimate sites:
A fake antivirus website was found specially designed to mimic the interface for antivirus products from Kaspersky Lab, Symantec’s Norton and Avira, Dmitry Bestuzhev, an antivirus researcher at Kaspersky Lab, wrote on the SecureList blog 29 November. The initial infection was triggered by a dropper Trojan that downloaded onto the user’s computer the fake screen that closely resembled legitimate software.
In the past, rogue antivirus products were fake screenshots taken from a generic template. “These fakes didn’t claim to find any infections – the victim was simply ripped off after paying for a useless product,” said Bestuzhev. A recent version observed by Kaspersky Lab simulates the actual scanning process on the victim’s PC, he said.
Kaspersky Lab also said scammers had done a “good job” with a “phishing” e-mail that directed recipients to a legitimate-looking site where they were asked for their credit card details. Meanwhile, according to eWeek another major anti-virus vendor, McAfee, has issued a warning about an increasing number of links to fake products.
The legitimate-looking scareware is a big problem during the holiday shopping season as fake AV is one of the most common and dangerous Internet threats, McAfee said. Users are being warned to be on the lookout for scams and fake deals and instructed to download and update security software. A user trying to be proactive may not realize he or she is downloading a fake tool that does nothing to protect the machine.