PandaLabs, Panda Security’s laboratory for detecting and analysing malware, has detected an increase in the use of fake antivirus products to infect users with malware. Often appearing on the Internet as free downloads, these applications pass themselves off as antivirus utilities; alternatively they can be concealed in other files downloaded by users, including music or video files.
Once on a system they tell the user (who is often unaware that the application is on their system) that a virus has been detected. They then invite the user to buy the full version of the antivirus to disinfect the computer (you can see an example of these fake antivirus programmes here: http://www.flickr.com/photos/panda_security/2678703471/ ).
If users don’t purchase the antivirus, it continues displaying non-existent infections and pop-ups inviting users to purchase the fake security software – which in reality does not detect or delete anything. If they buy it, they will have paid for a useless programme. This is how cyber-crooks reach their main objective: to profit financially through malware.
Additionally, to prevent users from checking whether they are genuinely infected or not, these programmes usually attempt to block the web pages of real online antivirus scans as well as security vendors’ sites.
“Initially, these fake antivirus programmes were quite basic; however, they are becoming more sophisticated to prevent detection by real security solutions. Many have become polymorphic – which means they are able to change their form every time they are installed on a computer. This investment proves cyber-crooks are obtaining significant financial benefits, and consequently, many users have fallen victim to this fraud,” explains Jeremy Matthews, head of Panda Security’s sub-Saharan operations.
How to avoid falling victim to these fake antivirus products
– Be careful with what you install: On many occasions these programmes are bundled with other downloads, i.e. users could download a legitimate programme and one of these programmes could be included in the package. Usually, there is an option not to install it. PandaLabs recommends that users carefully check which programmes are entering the computer during the download.
– Ignore emails with eye-catching news or subjects: Many of these programmes have been distributed in recent weeks using social engineering techniques – sending emails with eye-catching subjects (you can see an example here: http://www.flickr.com/photos/panda_security/tags/fakeantivirus/ ). These emails invite users to click a link to watch a video or images of the false news. If they do, they will be allowing some kind of malware to enter their computer, e.g. fake antiviruses.
– Be suspicious of unusual behaviour: If a programme you don’t remember installing begins to display false infections or pop-ups inviting you to buy some type of antivirus, watch out. Most likely one of these malicious programmes has been installed (example of a fake antivirus pop-up: http://www.flickr.com/photos/panda_security/2679524216/ ).
– Keep all your programmes up-to-date: An outdated programme is a potentially vulnerable programme. Consequently, you should keep all applications installed on the computer up-to-date, since much malicious code uses existing vulnerabilities to enter and infect computers.
– Scan your computer with a reliable security solution: You are advised to periodically scan your computer with a trusted security solution. This way, if one of these samples is resident on the computer, it can be detected and eliminated. Panda Security provides, at Infected or Not (http://www.infectedornot.com), a free online scan tool for home users and companies.