Fake antivirus is 15 percent of all malware: Google

Wednesday, 28 April 2010, 15:36 IST
Bangalore: Fake antivirus--false pop-up warnings designed to scare money out of computer users--represents 15 percent of all malware that Google detects on websites, according to a 13-month analysis the company conducted between January 2009 and February 2010.

A rise in fake antivirus offerings on Web sites around the globe shows that scammers are increasingly turning to social engineering to get malware on computers rather than exploiting holes in software, Google's study suggests, according to CNET. Google says fake antivirus scams represent half of all malware delivered via advertisements, which is becoming a problem for high-profile sites that rely on their advertisers and ad networks to distribute clean ads.

Google analyzed 240 million Web pages and uncovered more than 11,000 domains involved in fake antivirus distribution for the study, which Google is set to unveil at the Usenix Workshop on Large-Scale Exploits and Emergent Threats.

"As early as 2003, malware authors prompted users to download fake AV software by sending messages via a vulnerability in the Microsoft Messenger service. We observed the first form of fake AV attack involving Web sites, e.g. Malwarealarm.com, in our systems on March 3, 2007," the report says. "At that time, fake AV attacks employed simple JavaScript to display an alert that asked users to download a fake AV executable."

"More recent fake AV sites have evolved to use complex JavaScript to mimic the look and feel of the Windows user interface," the report continues. "In some cases, the fake AV detects even the operating system version running on the target machine and adjusts its interface to match."

Fake antivirus is easy money for scammers, Niels Provos, a principal software engineer at Google, said.
"Once it is installed on the user system, it's difficult to uninstall, you can't run Windows updates anymore or install other antivirus products, and you must install the [operating] system," rendering it unusable until it is cleaned up, he said.