Fake AV Still Wreaking Havoc

By Matthew Hines  |  Posted 2008-09-04 Print this article Print

Badware distribution schemes hidden under the guise of legitimate anti-virus applications continue to suck in unsuspecting end users, according to new research released by AV vendor Panda Software.

According to a paper issues by Panda on Thursday, the fake AV technique is actually growing in popularity among attackers, likely in response to the growing publicity attached to grayware downloads, malware attacks and related cyber-crimes.

Most frequently, the applications provide little to no protection and contain adware or other unwanted programs, though many also carry malicious programs, Panda said. The attacks are typically offered via free downloads, but in many other cases the programs are being delivered in concert with music or video files in hopes that users will simply mistake the applications for legitimate security tools, researchers said.

The programs often hide for a period of time before informing affected end users that they have somehow acquired a virus infection and encouraging them to download additional programs to clean up their systems.

In some cases, the applications, which typically provide no real functionality, even demand payment for the downloads.

Having been around for years, the schemes are simply getting more complex and harder to differentiate from real AV tools as attackers have ramped up their social engineering skills and made the programs and sales pitches they use appear increasingly legitimate, Panda experts report.

"Initially, these fake antivirus programs were quite elementary. They are, however, becoming more sophisticated to prevent detection by real security solutions. Many have become polymorphic (they change their form every time they are installed on a computer)," Luis Corrons, technical director of PandaLabs, said in the paper. "This investment proves cyber-crooks are obtaining significant financial benefits, and consequently, many users have fallen victim to this fraud."

In terms of protecting themselves from being successfully exploited, users should follow several steps, the company advises.

These include:

-Being wary of additional files carried along with free downloads -Avoiding spam campaigns with splashy news themes -Watching out for unexpected pop-up ads or other unusual behavior on a computer -Keeping legitimate AV programs up to date -Frequently scanning computers with trusted AV tools

It would seem that the criminals are truly tapping into the fame they've garnered through their work and playing on end users' awareness and paranoia regarding electronic attacks to deliver their payloads.

And let's face it, most useful AV applications aren't handed out for free, and those that are should be downloaded from their makers' official Web sites or well-established sites such as Download.com.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.

del.icio.us | digg.com

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel