A recent study, presented by Google at the Usenix Worshop on Large-Scale Exploits and Emergent Threats in California, warns that “fake software security programs are being rigged to infect computers on a large scale”. This warning could not have come at a better time as Scammers successfully trick more people into installing malicious code on their computers. The study analysed 240 million Web pages during the past 13 months (January 2009 – February 2010) and discovered that fake anti-virus programs accounted for 15% of all malicious software detected.
This rise in malicious attacks appear to be on par with the rise in prevalence of other forms of Web-based malware – a clearly defined upward trend in the number of fake anti-virus domains that are encountered each week. According to the report, Scammers trick Internet users with fake Websites that generate pop-up messages which warn users that “so-called” scans have been performed on their computer and X amount of viruses or bad programs have been found on their machines. The result of this false alarm is that those people who are convinced that their computer is infected with a virus are then tricked into downloading fake anti-virus products that are loaded with malware that may actually harm the victim’s computer or steal private data.
Although Google has been using refined tools to filter out booby-trapped Websites, hackers have also been responding by switching domains to avoid detection, with over 11,000 Web domains discovered to be involved in the distribution of fake anti-virus through adverts during this study. Computer users are therefore advised to ignore suspicious Websites or pop-up messages and use only trusted anti-virus software on their machines. Furthermore, do not register or buy any security tool that you are unsure of regardless of its appearance especially if you already have anti-virus installed on your computer.
What else can be done to avoid becoming a victim of fake anti-virus software?