Watch Out For Fake Anti-Virus Programs

by Sam Perry on June 3, 2010

A recent study by Google found that fake anti-virus programs accounted for 15% of malicious software attacks on computers. The study was presented at the USENIX Workshop on Large-Scale Exploits and Emergent Threats in 2010. Using Google’s malware detection infrastructure, the analysts who conducted the study reviewed over 240 million web pages over a 13-month period, between January 2009 and February 2010, and discovered over 11,000 domains involved in fake anti-virus distribution.


According to the Google study:

“Fake AV attacks attempt to convince users that their computer systems are infected and offer a free download to scan for malware.”

After the scan, these fake virus scanners claim to find infected files. In many cases users are forced to pay a fee to download the anti-virus program in order to get rid of the fake warning. Many of these fake anti-virus programs contain malware that hides on the computer. This malware is designed to obtain personal information that the designer of the “Fake AV” can use to commit some kind of fraud.

According to Google, “Fake AV domains often target high-profile sites. For example, Facebook [12], the New York Times [5], and Twitter [8] have all been used to distribute Fake Anti-Virus (often through malicious advertisement or user posts). … Fake AV software masquerades as a legitimate security product with the goal of deceiving victims into paying registration fees to seemingly remove malware from their computers.”

In addition, these fake virus programs attach themselves to websites that contain the most popular search words of a particular day in order to scam the public.

The study divides “Fake Anti-Virus Programs” into two basic categories:

  • Drive-by download: in which the Fake Antivirus malware is downloaded onto the hard drive and/or run without requiring any user interaction.
  • Social engineering: in which user interaction is required to deliver the Fake Antivirus.

Fake virus software, often called rogue security software or “scareware”, is usually advertised via popup windows that warn a user that there is a virus on their computer and offer to perform a free security scan. The fake program often infects the hard drive while performing the scan. The software then generally prompts the user to click to install virus clean-up software or updates. Once the user agrees to purchase the software by inputting personal information, the software is downloaded and the computer is infected. Fake antivirus programs are very lucrative for scammers. These programs generally sell for about $50.00. The scammers are hard to catch because they change domain names frequently.

According to the FBI, the estimated loss to victims of the Fake Anti-Virus scams is over $150 million. To avoid becoming a victim of these rogue programs, computer owners should not order any anti-virus program advertised via popup windows. Consumers should purchase anti-virus programs that are recommended by their hardware or software vendor or are sold at the local computer store.


John June 8, 2010 at 11:26 am

Gotta love it when I hit a webpage and it “scans” my Windows-based computer. Too bad I’m on a Mac. I’m sure it has tricked some people though, and apparently, it has.

Edwina Page September 9, 2010 at 8:38 am

informative stuff, thanks
