It's getting harder and harder to tell the fake antivirus apart from the real software as cyber-criminals improve the look and feel of the scareware programs.
Developers of fake antivirus software are getting better at copying the look and feel of
legitimate antivirus products to make it harder for victims to tell whether
they are being scammed or not, according to Kaspersky Lab.
A fake antivirus Website was found specially designed to mimic the interface for
antivirus products from Kaspersky Lab, Symantec's Norton and Avira, Dmitry
Bestuzhev, an antivirus researcher at Kaspersky Lab, wrote on the SecureList
blog Nov. 29. The initial infection was triggered by a dropper Trojan that
downloaded onto the user's computer the fake screen that closely resembled
legitimate software.
In the past, rogue antivirus products were fake screenshots taken from a generic
template. "These fakes didn't claim to find any infections - the victim was
simply ripped off after paying for a useless product," said Bestuzhev. A
recent version observed by Kaspersky Lab simulates the actual scanning process
on the victim's PC, he said.
Kaspersky Lab researchers noted at the beginning of the month a "substantial
decrease" in the number of fake antivirus programs since earlier this
year. There were 10,000 daily attempts to infect users with fake antivirus,
down dramatically from the 50,000 to 60,000 daily attempts back in June, according
to Vyacheslav Zakorzhevsky, a senior malware analyst in Kaspersky Lab's
heuristic detection group.
However, lately there appears to have been a resurgence of fake AV links, according to
McAfee.
The legitimate-looking scareware is a big problem during the holiday shopping
season as fake AV is one of the most common and dangerous Internet threats,
McAfee said. Users are being warned to be on the lookout for scams and fake
deals and instructed to download and update security software. A user trying to
be proactive may not realize he or she is downloading a fake tool that does
nothing to protect the machine.
Zakorzhevsky also noted how some versions of fake software mention cloud protection,
"apparently trying to take advantage of a fashionable new concept."
Many security vendors have recently updated their antivirus and security suites
to include a cloud element where suspicious software is scanned in the cloud,
and malware developers are pretending to have similar capabilities.
In addition, Kaspersky Lab recently warned of a phishing campaign that pushes an
"Antivirus & Security Complete Antivirus Protection Solution."
The scammers did a "good job," sending out an email that looked like
an official Kaspersky email with a URL that looked like it could come from
Kaspersky Lab, according to Maria Namestnikova, a senior spam analyst for the
content filtering group at Kaspersky Lab. Victims who clicked on the link in
the mail were directed to a Website that instructed them to enter credit card
details and email address in order to buy the Kaspersky product.
Namestnikova and Zakorzhevsky warned users to "proceed with caution" if prompted
with notifications about "Windows errors" or "system
infections" and recommended users go directly to the vendor site to buy
security software instead of clicking on links.
The FBI has estimated losses caused by scareware at over $150 million. Zakorzhevsky
has seen deals on underground forums where cyber-criminals invite others to
become distributors and earn $25 for every scareware that is installed and paid
for. The distributor receives a little over a third of the total price paid by
the victim, and the rest of the money goes to the scammers actually running the
operation, he said.